On Sun, Feb 01, 2009 at 10:04:09PM -0600, Clark Williams wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> Hrm, this is kind of scary, mock is trying to prevent this action? The
> weird thing is that an error is reported that the action was not
> allowed, yet the end result is that the file is indeed copied. So if
> we're trying to prevent it, we're not doing a good job.
>
I tried it on my laptop and the copy didn't happen. Not sure what's
going on there.
I went back and looked at the commit where I added the copyin/copyout
options and the uidManager.dropPrivsForever() has always been there.
I'm considering dropping it for --copyin (where we modify the chroot)
but not for --copyout (where we modify the actual filesystem).
What do you guys think?
Well, until we come up with a "real" security policy for mock, the above
suggestion sounds reasonable.
--
Michael