On Mon, 2006-06-26 at 15:02 -0500, Michael_E_Brown(a)Dell.com wrote:
For security implications, there is a push to make mock 'safe to
run by
semi- or non-trusted users'. The chroot option is not ever going to be
safe, from what I can tell, so we might have to make a two-level scheme,
or a privleged config option for enabling/disabling this.
I'm not sure how that will effect us (Red Hat). The user that calls our
mock is always trusted I suppose, in our locked down build environment.
The 'mach' project has much greater ambitions on this front,
and might
be a better choice for you.
I'm not sure if 'mach' was reviewed for use, or if we just went straight
to mock, since plague did.
--
Jesse Keating RHCE (
geek.j2solutions.net)
Fedora Legacy Team (
www.fedoralegacy.org)
GPG Public Key (
geek.j2solutions.net/jkeating.j2solutions.pub)