[PATCH] add --unpriv option to drop privileges when running a command with --chroot

Mike Bonnet mikeb at redhat.com
Thu Jan 24 21:07:51 UTC 2008


On Thu, 2008-01-24 at 16:04 -0500, Mike Bonnet wrote:
> On Thu, 2008-01-24 at 15:42 -0500, Mike Bonnet wrote:
> > This patch adds a --unpriv option that will cause privileges to be
> > dropped before running a command with --chroot.  This can be used to
> > more closely simulate the environment used when running rpmbuilds.
> 
> Let me try that again...

Ok, the attachments are getting stripped off for some reason, trying
inline...


>From 85e14d38aec32cf20d7f2bbdc77044d41c32a0a2 Mon Sep 17 00:00:00 2001
From: Mike Bonnet <mikeb at redhat.com>
Date: Thu, 24 Jan 2008 15:37:15 -0500
Subject: [PATCH] optionally drop privileges when running a command with --chroot

---
 docs/mock.1 |    3 +++
 py/mock.py  |    8 +++++++-
 2 files changed, 10 insertions(+), 1 deletions(-)

diff --git a/docs/mock.1 b/docs/mock.1
index beaf2fb..38c3233 100644
--- a/docs/mock.1
+++ b/docs/mock.1
@@ -137,6 +137,9 @@ Change directory where config files are found
 \fB\-\-rpmbuild_timeout=\fR\fISECONDS\fP
 Fail build if rpmbuild takes longer than 'timeout' seconds
 .TP
+\fB\-\-unpriv\fR
+Drop privileges before running command when using --chroot
+.TP
 \fB\-q\fR, \fB\-\-quiet\fR
 Be quiet.
 .TP
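
Review bot: The description line for \-\-unpriv writes "--chroot" with bare hyphens, while the option names in this file are written with escaped hyphens (\-\-unpriv, \-\-quiet); use \-\-chroot so it renders consistently. The text also does not say which user the command runs as after the drop or that the option has no effect without \-\-chroot. A reader deciding whether it is safe to run an untrusted command this way needs both, so please state them here.
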
diff --git a/py/mock.py b/py/mock.py
index 4a589bc..f422a33 100755
--- a/py/mock.py
+++ b/py/mock.py
@@ -150,6 +150,8 @@ def command_parse(config_opts):
                       dest="rpmbuild_timeout", type="int", default=None,
                       help="Fail build if rpmbuild takes longer than 'timeout'"
                            " seconds ")
+    parser.add_option("--unpriv", action="store_true", default=False,
+                      help="Drop privileges before running command when using --chroot")
 
     # verbosity
     parser.add_option("-v", "--verbose", action="store_const", const=2,
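
Review bot: The new add_option call for --unpriv omits dest=, unlike the rpmbuild_timeout option just above it, which sets dest explicitly. optparse will derive "unpriv" from the long option name, so it works, but adding dest="unpriv" keeps the block consistent and makes the later options.unpriv reference easy to grep for. With default=False the --chroot command keeps full privileges unless the user opts in; the help string should say that the option is ignored without --chroot, or the parser should reject --unpriv when --chroot is not given.
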
@@ -532,7 +534,11 @@ def main(ret):
         chroot._resetLogging()
         try:
             chroot._mountall()
-            chroot.doChroot(args, shell=shell)
+            if options.unpriv:
+                chroot.doChroot(args, shell=shell,
+                                uid=chroot.chrootuid, gid=chroot.chrootgid)
+            else:
+                chroot.doChroot(args, shell=shell)
         finally:
             chroot._umountall()
 
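Review bot: In the options.unpriv branch, nothing in this hunk checks that chroot.chrootuid and chroot.chrootgid are set to a non-root account before they are passed to doChroot, so a zero or unset value would silently run the command as root while the user believes privileges were dropped. Please fail with an error in that case, and confirm that doChroot also clears supplementary groups when given uid/gid, since the change relies on it. The if/else also repeats the doChroot call; building the keyword arguments once and calling doChroot(args, shell=shell, **kwargs) leaves a single call site to audit.
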
-- 
1.5.3.3





