On Sun, 2009-02-01 at 10:17 -0600, Clark Williams wrote:
Jesse is having an issue with --copyin; he's getting a permission denied when trying to copy the system /etc/hosts to the chroot /etc/hosts. This is due to the uidManager.dropPrivsForever() near the top of the --copyin logic block. My question is, do we need to drop privs there? Seems kinda crippling to --copyin if you can only copy stuff to /tmp or the homedir in the chroot.
Or is allowing modification of the chroot environment a security issue we're not willing to live with? Can we check to see if mock has been kicked off as root (or does the pam helper logic neuter that)?
Hrm, this is kind of scary, mock is trying to prevent this action? The weird thing is that an error is reported that the action was not allowed, yet the end result is that the file is indeed copied. So if we're trying to prevent it, we're not doing a good job.
buildsys@lists.fedoraproject.org