
Re: selinux breaks revisor



Jeff Spaleta wrote:
2008/1/24 Jesse Keating <jkeating redhat com>:
Maybe I missed that, but every /rpm/ is buildable by non-root.  It's
when you start talking about /composing/ releases and Live images that
root privs are needed (or enough privs to make loopback devices).

make loopback devices....  does fuse provide a non-root way to deal
with this here?

I think there are historical threads about the security/code-quality and how it related to the decision of requiring root to add users to the fuse group. Sounded like fuse might get the job done someday, but someday wasn't quite here yet.

Still, for doing composes as non-root I like my qemu 'qfakeroot', as it handles everything nicely (but slowly). I.e. I imagine running into headaches getting rpm post scripts running as non-root in a target dir, using something like traditional fakeroot to deal with file ownerships. And of course coming full circle, then there would still be the selinux issues in this non-root fuse-using quasi-chroot hypothetical compose beast...

-dmc

