change in --copyin?
Jesse Keating
jkeating at redhat.com
Sun Feb 1 18:11:17 UTC 2009
On Sun, 2009-02-01 at 10:17 -0600, Clark Williams wrote:
>
> Jesse is having an issue with --copyin; he's getting a permission
> denied when trying to copy the system /etc/hosts to the
> chroot /etc/hosts. This is due to the uidManager.dropPrivsForever()
> near the top of the --copyin logic block. My question is, do we need to
> drop privs there? Seems kinda crippling to --copyin if you can only
> copy stuff to /tmp or the homedir in the chroot.
>
> Or is allowing modification of the chroot environment a security issue
> we're not willing to live with? Can we check to see if mock has been
> kicked off as root (or does the pam helper logic neuter that)?
Hrm, this is kind of scary, mock is trying to prevent this action? The
weird thing is that an error is reported that the action was not
allowed, yet the end result is that the file is indeed copied. So if
we're trying to prevent it, we're not doing a good job.
--
Jesse Keating
Fedora -- Freedom² is a feature!
identi.ca: http://identi.ca/jkeating
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-buildsys-list/attachments/20090201/d06f5e3c/attachment.sig>
More information about the Fedora-buildsys-list
mailing list