RFC: utility of 'orphansbuild' patch to mock-helper (BZ#221351)?
Clark Williams
williams at redhat.com
Tue Jul 10 16:53:55 UTC 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Michael/Jesse (and the buildsys list),
Jan Kratochvil has submitted a patch to mock that adds the 'orphanskill' command to
mock-helper (a setuid root program used by mock). The patch traverses the /proc
directory, looking for tasks with a "root" link that matches the chroot currently in
use, and sends a SIGKILL to each matching task.
As far as I can tell this is only useful to the GDB build. The testsuite for GDB
seems to have some either abnormal terminations or so other oddity that leaves jobs
hanging. I've looked at the C code and it looks well written, without obvious
security holes.
I've mixed feelings regarding adding the command. Michael and I have been fairly
resistant to adding things to mock-helper, on the general principle that adding
features to a setuid root program is fraught with peril. I see the utility of the
code, but I'm torn as to whether the 'orphanskill' command is sufficiently useful to
the general community.
So, that's the question. Is 'orphanskill' worth adding to mock?
Clark
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iD8DBQFGk7miHyuj/+TTEp0RAlkFAKDgVLDuNdcGpVU3rtnv0gFTDMYPtwCePiKX
IbGKSbEeD62CyrwZlZwTqo0=
=bkbg
-----END PGP SIGNATURE-----
More information about the Fedora-buildsys-list
mailing list