Re: selinux breaks revisor

["Daniel P. Berrange" <berrange redhat com>]

On Fri, Jan 25, 2008 at 02:27:12PM +0100, Valent Turkovic wrote:
> Douglas McClendon wrote:
> >Jeff Spaleta wrote:
> >>2008/1/24 Jesse Keating <jkeating redhat com>:
> >>>Maybe I missed that, but every /rpm/ is buildable by non-root.  It's
> >>>when you start talking about /composing/ releases and Live images that
> >>>root privs are needed (or enoug privs to make loopback devices).
> >>
> >>make loopback devices....  does fuse provide a non-root way to deal
> >>with this here?
> >
> >I think there are historical threads about the security/code-quality and 
> >how it related to the decision of requiring root to add users to the 
> >fuse group.  Sounded like fuse might get the job done someday, but 
> >someday wasn't quite here yet.
> >
> >Still, for doing composes as non-root I like my qemu 'qfakeroot', as it 
> >handles everything nicely (but slowly).  I.e. I imagine running into 
> 
> What still prevents kqemu module being shipped with fedora? That speeds 
> things tremendously!

It is buggy as hell and no one is actively working on fixing it, and it
is not guarenteed secure

Dan.
-- 
|=- Red Hat, Engineering, Emerging Technologies, Boston.  +1 978 392 2496 -=|
|=-           Perl modules: http://search.cpan.org/~danberr/              -=|
|=-               Projects: http://freshmeat.net/~danielpb/               -=|
|=-  GnuPG: 7D3B9505   F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505  -=|