Re: The current fedora.us buildsystem and future directions

> Enrico Scholz (enrico scholz informatik tu-chemnitz de) said: 
> > >> 1. SELinux can protect foreign processes. But is it possible to hide
> > >>    them in /proc also?
> > >
> > > If you cannot access it, why does it matter if it is visible?
> > 
> > E.g. 'service xyz stop' in rpm-scriptlets may have an unwanted behavior
> > when it sees 'xyz' processes in other "contexts".
> In general, you'll be able to tell that there's a process at pid <foo>,
> but not what process it is.
> Note that scriptlets in a build root very very very very very rarely
> need to kick processes, if ever.

One particularly embarrassing test run of mach comes to mind where I
tried rebuilding and installing the patched openssh rpms and it shut
down the sshd process in the main context because the install scriptlet
restarts sshd.  So it might happen very very very very rarely, but it
was also very very very very painful at that particular time.

So I'm down with Enrico, as always.


