bugzilla #164441 (mock-helper and basedir)
Clark Williams
williams at redhat.com
Mon Feb 27 15:18:40 UTC 2006
On Sun, 2006-02-26 at 11:03 -0500, seth vidal wrote:
>
> The fhs is our friend. :) However I don't think we're suggesting
> changing the default location for mock just making it possible for
> someone else to do something like that. And if we can do that securely
> then, sure.
>
You've hit the nail on the head. I realize that some folks think badly
of NFS and don't want to use it. That's fine (yeah, I'm not in love with
NFS, but I still want to use it), but what if someone's using
FibreChannel or InfiniBand attached storage? My argument that we should
be able to move the root is still valid.
So, back to my original question: if we *exclude* certain directories as
candidates for chroot'ing, can we securely move the root? I'm thinking
of something like the attached patch (minus the #ifdefs).
Clark
--
Clark Williams <williams at redhat.com>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: arbitrary.diff
Type: text/x-patch
Size: 1321 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-buildsys-list/attachments/20060227/6af5f321/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 191 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-buildsys-list/attachments/20060227/6af5f321/attachment.sig>
More information about the Fedora-buildsys-list
mailing list