RPM roadmapping

Jesse Keating jkeating at redhat.com
Mon Jul 30 14:26:41 UTC 2007


On Mon, 30 Jul 2007 16:22:08 +0200
Axel Thimm <Axel.Thimm at ATrpms.net> wrote:

> I'd like to be able to really setup chroot w/o any root
> privilegdes. This already works at 99% using
> fakeroot/fakechroot. There is some code in rpm that didn't swallow the
> fake environment. It didn't look too difficult to fix. :)
> 
> The application is very important: Currently any submitter can take
> over any builder by placing some code in %post*/%pre* scripts and
> making this package a BR of another package. Being root makes it easy
> to escape the chroot and perform root operations at the builder level
> (unless the builders are properly selinux protected).
> 
> A secondary benefit of fakeroot/fakechroot support would be that any
> random student on any random Linux system could deploy a build system
> under his account and produce nice rpm packages w/o the need for root
> priviledges on these systems.

We'd like something like this for Koji as well (:

-- 
Jesse Keating
Release Engineer: Fedora
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-devel-list/attachments/20070730/afadb17b/attachment.sig>


More information about the fedora-devel-list mailing list