change in --copyin?
Michael E Brown
Michael_E_Brown at dell.com
Mon Feb 2 04:34:13 UTC 2009
On Sun, Feb 01, 2009 at 10:04:09PM -0600, Clark Williams wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> > Hrm, this is kind of scary, mock is trying to prevent this action? The
> > weird thing is that an error is reported that the action was not
> > allowed, yet the end result is that the file is indeed copied. So if
> > we're trying to prevent it, we're not doing a good job.
> >
>
> I tried it on my laptop and the copy didn't happen. Not sure what's
> going on there.
>
> I went back and looked at the commit where I added the copyin/copyout
> options and the uidManager.dropPrivsForever() has always been there.
> I'm considering dropping it for --copyin (where we modify the chroot)
> but not for --copyout (where we modify the actual filesystem).
>
> What do you guys think?
Well, until we come up with a "real" security policy for mock, the above
suggestion sounds reasonable.
--
Michael
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-buildsys-list/attachments/20090201/a1ada628/attachment.sig>
More information about the Fedora-buildsys-list
mailing list