[PATCH] add --unpriv option to drop privileges when running a command with --chroot

Michael E Brown Michael_E_Brown at dell.com
Fri Jan 25 00:45:08 UTC 2008 

On Thu, Jan 24, 2008 at 04:07:51PM -0500, Mike Bonnet wrote:
> On Thu, 2008-01-24 at 16:04 -0500, Mike Bonnet wrote:
> > On Thu, 2008-01-24 at 15:42 -0500, Mike Bonnet wrote:
> > > This patch adds a --unpriv option that will cause privileges to be
> > > dropped before running a command with --chroot.  This can be used to
> > > more closely simulate the environment used when running rpmbuilds.
> > 
> > Let me try that again...
> 
> Ok, the attachments are getting stripped off for some reason, trying
> inline...

This patch looks fine to me. Applying.
--
Michael

> 
> 
> >From 85e14d38aec32cf20d7f2bbdc77044d41c32a0a2 Mon Sep 17 00:00:00 2001
> From: Mike Bonnet <mikeb at redhat.com>
> Date: Thu, 24 Jan 2008 15:37:15 -0500
> Subject: [PATCH] optionally drop privileges when running a command with --chroot
> 
> ---
>  docs/mock.1 |    3 +++
>  py/mock.py  |    8 +++++++-
>  2 files changed, 10 insertions(+), 1 deletions(-)
> 
> diff --git a/docs/mock.1 b/docs/mock.1
> index beaf2fb..38c3233 100644
> --- a/docs/mock.1
> +++ b/docs/mock.1
> @@ -137,6 +137,9 @@ Change directory where config files are found
>  \fB\-\-rpmbuild_timeout=\fR\fISECONDS\fP
>  Fail build if rpmbuild takes longer than 'timeout' seconds
>  .TP
> +\fB\-\-unpriv\fR
> +Drop privileges before running command when using --chroot
> +.TP
>  \fB\-q\fR, \fB\-\-quiet\fR
>  Be quiet.
>  .TP
> diff --git a/py/mock.py b/py/mock.py
> index 4a589bc..f422a33 100755
> --- a/py/mock.py
> +++ b/py/mock.py
> @@ -150,6 +150,8 @@ def command_parse(config_opts):
>                        dest="rpmbuild_timeout", type="int", default=None,
>                        help="Fail build if rpmbuild takes longer than 'timeout'"
>                             " seconds ")
> +    parser.add_option("--unpriv", action="store_true", default=False,
> +                      help="Drop privileges before running command when using --chroot")
>  
>      # verbosity
>      parser.add_option("-v", "--verbose", action="store_const", const=2,
> @@ -532,7 +534,11 @@ def main(ret):
>          chroot._resetLogging()
>          try:
>              chroot._mountall()
> -            chroot.doChroot(args, shell=shell)
> +            if options.unpriv:
> +                chroot.doChroot(args, shell=shell,
> +                                uid=chroot.chrootuid, gid=chroot.chrootgid)
> +            else:
> +                chroot.doChroot(args, shell=shell)
>          finally:
>              chroot._umountall()
>  
> -- 
> 1.5.3.3
> 
> 
> 
> --
> Fedora-buildsys-list mailing list
> Fedora-buildsys-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-buildsys-list

More information about the Fedora-buildsys-list mailing list