Mike McLean wrote:
> Clark Williams wrote:
> > Note that the program makes use of Linux namespaces. This *should*
> > make our handling of mount points within the chroot (/proc, /sys,
> > etc.) a bit easier to clean up, since when the process dies the mounts
> > should just go away. I haven't verified this though, so caveat emptor.
>
> Using namespaces does not relieve us of managing our mounts. For
> example, mock.py still needs to make sure the mounts are gone before
> attempting to remove a buildroot. It mainly serves as a safety net.

I suppose I should have said "if the process terminates abnormally" as
opposed to "when the process dies". I realize that we can't whack a
directory that still has a mount on/in it and that namespaces do
nothing for us there.

> > #ifdef USE_SELINUX
> > // add LD_PRELOAD for our selinux lib if selinux is in use is set
>
> I don't think the SELINUX preload needs to be done here anymore.
> mock.py can set it up when running mock-yum if need be.

Yeah, I meant to ask that on my original email. I didn't build the new
mock.c with USE_SELINUX enabled, because I wasn't sure if we were
going to need it, or if we were going to push forward with a mock
SELinux policy, or something completely different. I will admit to not
having paid the closest attention to all the SELinux traffic on the
lists lately... :).

As I recall, we do an LD_PRELOAD of our .so before going into the
chroot, so that selinux is effectively disabled in the chroot.
Personally, I think that SELinux is a bit of overkill inside a chroot,
but someone running at a high-security facility may feel differently.

I'm ok with letting mock.py manage the addition of LD_PRELOAD to the
chroot and moving it out of the launcher. The code is only complete
when you can remove no more...
Clark
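
Added example, not part of the original message and not mock's own code: one way a Python caller could confirm that no mounts remain under a buildroot before deleting it, as the thread says mock.py must. The function names, the sample mount table and every path in it are constructed for illustration; the check only sees mounts in the calling process's own mount namespace.

```python
import os
import re

# Constructed sample in /proc/self/mounts format; every path is hypothetical.
SAMPLE_MOUNTS = """\
/dev/sda1 / ext3 rw 0 0
proc /proc proc rw 0 0
proc /var/lib/mock/fc5-i386/root/proc proc rw 0 0
sysfs /var/lib/mock/fc5-i386/root/sys sysfs rw 0 0
devpts /var/lib/mock/fc5-i386/root/dev/pts devpts rw 0 0
proc /var/lib/mock/fc5-i386-other/root/proc proc rw 0 0
tmpfs /var/lib/mock/fc5-i386/root/tmp/my\\040dir tmpfs rw 0 0
"""

def _unescape(field):
    # The kernel writes space, tab, newline and backslash in mount paths
    # as three-digit octal escapes (\040, \011, \012, \134).
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def mounts_under(buildroot, mounts_text):
    """Return mount points at or below buildroot, deepest first."""
    root = os.path.normpath(buildroot)
    # Match on a path-component boundary so a sibling directory such as
    # "<root>-other" is not treated as being inside the buildroot.
    prefix = root.rstrip(os.sep) + os.sep
    found = set()
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 2:
            continue  # skip blank or malformed lines
        mnt = os.path.normpath(_unescape(fields[1]))
        if mnt == root or mnt.startswith(prefix):
            found.add(mnt)
    # Deepest first is the order in which the mounts would be unmounted.
    return sorted(found, key=lambda p: (-p.count(os.sep), p))

def safe_to_remove(buildroot, mounts_text=None):
    """True only if nothing is mounted at or below buildroot."""
    if mounts_text is None:
        with open("/proc/self/mounts") as fh:  # this process's namespace
            mounts_text = fh.read()
    return not mounts_under(buildroot, mounts_text)

if __name__ == "__main__":
    for mnt in mounts_under("/var/lib/mock/fc5-i386", SAMPLE_MOUNTS):
        print("still mounted:", mnt)
```
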