New version of mock working (I think)
Michael_E_Brown at Dell.com
Michael_E_Brown at Dell.com
Mon Jun 26 22:07:46 UTC 2006
> -----Original Message-----
> From: fedora-buildsys-list-bounces at redhat.com
> [mailto:fedora-buildsys-list-bounces at redhat.com] On Behalf Of
> Jesse Keating
> Sent: Monday, June 26, 2006 3:10 PM
> To: fedora-buildsys-list at redhat.com
> Subject: RE: New version of mock working (I think)
>
> On Mon, 2006-06-26 at 15:02 -0500, Michael_E_Brown at Dell.com wrote:
> > For security implications, there is a push to make mock
> 'safe to run
> > by
> > semi- or non-trusted users'. The chroot option is not ever
> going to be
> > safe, from what I can tell, so we might have to make a two-level
> > scheme, or a privleged config option for enabling/disabling this.
>
> I'm not sure how that will effect us (Red Hat). The user
> that calls our mock is always trusted I suppose, in our
> locked down build environment.
>
> > The 'mach' project has much greater ambitions on this
> front, and might
> > be a better choice for you.
>
> I'm not sure if 'mach' was reviewed for use, or if we just
> went straight to mock, since plague did.
One of the signs of project maturity and good leadership is knowing when
to say 'No', and not be afraid to point potential users to better
alternativest to solve their problem. At this point, your request is
right on the border, but I think we can accommodate so far. What I don't
want to run into, though, is the point where we use mock for things like
this: http://thomas.apestaart.org/log/?p=360. That is what 'mach' is
for, and I don't care to try to compete.
--
Michael
More information about the Fedora-buildsys-list
mailing list