proposed mock changes (diff)
Michael_E_Brown at Dell.com
Michael_E_Brown at Dell.com
Mon Jul 17 16:52:35 UTC 2006
I am leaving for OLS 2006 and wont be able to do any review for the next
week.
I just caught up on the rpmlint discussion, and have a few concerns.
-- Security of installing just-built RPM
-- Can rpmlint just be done outside of mock (using mock chroot,
for example)? Why do we have to extend mock for this?
--
Michael
> -----Original Message-----
> From: fedora-buildsys-list-bounces at redhat.com
> [mailto:fedora-buildsys-list-bounces at redhat.com] On Behalf Of
> Clark Williams
> Sent: Monday, July 17, 2006 10:29 AM
> To: Discussion of Fedora build system
> Subject: proposed mock changes (diff)
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hello all,
>
> I was poking around in the mock source last week and did some
> minor refactoring, a couple of name-changes and tried out the
> rpmlint request. Attached below is a CVS diff of my mock.py
> with the head of CVS. Please review and comment. A quick
> summary of the changes:
>
> 1. Changed version to 0.7.
> 2. Added code to avoid exec'ing mount for proc, sys, and
> dev/pts if we've already done it 3. Oh yeah, added /sys to
> chroot mount 4. Refactoring: renamed _mount to _mountall,
> created _mount routine that is called by _mountall 5. Renamed
> _umount_by_file to _umountall 6. Added code to run rpmlint 7.
> Added elevate/drop around raw chroot command
>
> I'd especially like some thought on #7, since any time you
> elevate and drop you can introduce a security hole and I
> freely admit that I'm not always thinking security first.
>
> If I don't get any push-back (or if I do and then get things
> resolved), I'll commit these later this week.
>
> Clark
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.4 (GNU/Linux)
> Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
>
> iD8DBQFEu6y9Hyuj/+TTEp0RAgumAJ9STO3Qc/7Ca4xYNdIAifcKs4oPvACgqpDD
> zOm5eNJ1Gwsgc4KqhS8WW0s=
> =0mBy
> -----END PGP SIGNATURE-----
>
>
More information about the Fedora-buildsys-list
mailing list