First srpm built with new mock launcher + modified mock.py

Michael_E_Brown at Dell.com
Thu Jun 15 17:13:30 UTC 2006


Recommend:
	do_elevated()
	do_asuser()

To ensure that all calls are easy-to-audit. The elevate() and drop()
calls should be properly bracketed with a try/finally so that exceptions
do not interfere with dropping privs.

Along these lines, I also thought that the mount()/umount() code would
be best if it were pushed into the do() function.

As for the new mock, I would say patch format to the list is best for
small changes. 
--
Michael 

> -----Original Message-----
> From: fedora-buildsys-list-bounces at redhat.com 
> [mailto:fedora-buildsys-list-bounces at redhat.com] On Behalf Of 
> Clark Williams
> Sent: Thursday, June 15, 2006 9:19 AM
> To: Discussion of Fedora build system
> Subject: First srpm built with new mock launcher + modified mock.py
> 
> I actually built an SRPM last night, using a moderately 
> hacked mock.py with the new mock launcher.
> 
> After figuring out what Michael meant wrt uid/gid 
> manipulation, I went into mock.py and added two methods to 
> the Root class:
> 
> elevate() - change uid to the effective uid (i.e. root)
> drop() - change uid back to real uid (i.e. your user id)
> 
> I modified the startup code to save off effective and real 
> uids and to set the realgid to the mock group. I then 
> bracketed calls to "do" that require privileges (e.g. chroot, 
> mount, etc.) to look like this:
> 
>     self.elevate()
>     self.do(<privileged command>)
>     self.drop()
> 
> I had an elinks srpm hanging around and fired off a mock 
> build of that package, which after finding a couple of calls 
> that needed privileges, worked (I'm always amazed when that 
> happens). Admittedly it's not a complex build, but it's a start.
> 
> One thing I'm puzzled about is that the build worked on a 
> system running SELinux and currently the SELinux preload 
> isn't being done.
> Anyone have an example build that bombs because of SELinux 
> when the LD_PRELOAD isn't done?
> 
> I need to do a little tidying up of mock.py. The cache stuff 
> is completely broken because the actual pack/unpack logic is 
> in the now-defunct mock-helper. I got started moving it into 
> mock.py, but was overcome with sleepiness last night and 
> didn't finish.  I'll try and send out a mock.py to the list 
> today (or would you rather have a patch?). Just wanted some 
> eyeballs on it to see if it's going in the right direction.
> 
> Clark
> 
> 
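
The bracketing recommended in the reply above, as an added example that is not code from mock.py or from either poster: do_elevated() is the single audited entry point and it drops privileges in a finally clause. The Root stand-in, the use of os.seteuid(), the argv-list runner and the injectable set_euid/runner parameters are assumptions made for illustration.

```python
import os
import subprocess
from contextlib import contextmanager


class Root:
    """Hypothetical stand-in for the Root class in mock.py."""

    def __init__(self, set_euid=os.seteuid, runner=subprocess.check_call):
        # Save both ids at startup, as the quoted message describes.
        self.real_uid = os.getuid()
        self.priv_uid = os.geteuid()  # root when started by a setuid launcher
        self._set_euid = set_euid     # assumption: injectable, so tests need no root
        self._runner = runner         # assumption: takes an argv list, no shell
        self.elevated = False
        self.drop()                   # run as the invoking user by default

    def elevate(self):
        self._set_euid(self.priv_uid)
        self.elevated = True

    def drop(self):
        self._set_euid(self.real_uid)
        self.elevated = False

    @contextmanager
    def _privileged(self):
        self.elevate()
        try:
            yield
        finally:
            # Runs on success, on any exception and on KeyboardInterrupt,
            # so a failing command cannot leave the process elevated.
            self.drop()

    def do_elevated(self, argv):
        """The only place a command runs with privileges: grep for this name."""
        with self._privileged():
            return self._runner(argv)

    def do_asuser(self, argv):
        """Run as the invoking user; refuse if privileges are still held."""
        if self.elevated:
            raise RuntimeError("do_asuser() called while elevated")
        return self._runner(argv)
```

With this shape, callers never touch elevate() or drop() directly, so an audit only has to review the do_elevated() call sites.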



