selinux breaks revisor
Daniel P. Berrange
berrange at redhat.com
Fri Jan 25 13:48:38 UTC 2008
On Fri, Jan 25, 2008 at 02:27:12PM +0100, Valent Turkovic wrote:
> Douglas McClendon wrote:
> >Jeff Spaleta wrote:
> >>2008/1/24 Jesse Keating <jkeating at redhat.com>:
> >>>Maybe I missed that, but every /rpm/ is buildable by non-root. It's
> >>>when you start talking about /composing/ releases and Live images that
> >>>root privs are needed (or enoug privs to make loopback devices).
> >>
> >>make loopback devices.... does fuse provide a non-root way to deal
> >>with this here?
> >
> >I think there are historical threads about the security/code-quality and
> >how it related to the decision of requiring root to add users to the
> >fuse group. Sounded like fuse might get the job done someday, but
> >someday wasn't quite here yet.
> >
> >Still, for doing composes as non-root I like my qemu 'qfakeroot', as it
> >handles everything nicely (but slowly). I.e. I imagine running into
>
> What still prevents kqemu module being shipped with fedora? That speeds
> things tremendously!
It is buggy as hell and no one is actively working on fixing it, and it
is not guarenteed secure
Dan.
--
|=- Red Hat, Engineering, Emerging Technologies, Boston. +1 978 392 2496 -=|
|=- Perl modules: http://search.cpan.org/~danberr/ -=|
|=- Projects: http://freshmeat.net/~danielpb/ -=|
|=- GnuPG: 7D3B9505 F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 -=|
More information about the fedora-devel-list
mailing list