-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
I actually built an SRPM last night, using a moderately hacked mock.py with the new mock launcher.
After figuring out what Michael meant wrt uid/gid manipulation, I went into mock.py and added two methods to the Root class:
elevate() - change uid to the effective uid (i.e. root) drop() - change uid back to real uid (i.e. your user id)
I modified the startup code to save off effective and real uids and to set the realgid to the mock group. I then bracketed calls to "do" that require privileges (e.g. chroot, mount, etc.) to look like this:
self.elevate() self.do(<privileged command>) self.drop()
I had an elinks srpm hanging around and fired off a mock build of that package, which after finding a couple of calls that needed privileges, worked (I'm always amazed when that happens). Admittedly it's not a complex build, but it's a start.
One thing I'm puzzled about is that the build worked on a system running SELinux and currently the SELinux preload isn't being done. Anyone have an example build that bombs because of SELinux when the LD_PRELOAD isn't done?
I need to do a little tidying up of mock.py. The cache stuff is completely broken because the actual pack/unpack logic is in the now-defunct mock-helper. I got started moving it into mock.py, but was overcome with sleepiness last night and didn't finish. I'll try and send out a mock.py to the list today (or would you rather have a patch?). Just wanted some eyeballs on it to see if it's going in the right direction.
Clark
Recommend: do_elevated() do_asuser()
To ensure that all calls are easy-to-audit. The elevate() and drop() calls should be properly bracketed with a try/finally so that exceptions do not interfere with dropping privs.
Along these lines, I also thought that the mount()/umount() code would be best if it were pushed into the do() function.
As for the new mock, I would say patch format to the list is best for small changes. -- Michael
-----Original Message----- From: fedora-buildsys-list-bounces@redhat.com [mailto:fedora-buildsys-list-bounces@redhat.com] On Behalf Of Clark Williams Sent: Thursday, June 15, 2006 9:19 AM To: Discussion of Fedora build system Subject: First srpm built with new mock launcher + modified mock.py
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
I actually built an SRPM last night, using a moderately hacked mock.py with the new mock launcher.
After figuring out what Michael meant wrt uid/gid manipulation, I went into mock.py and added two methods to the Root class:
elevate() - change uid to the effective uid (i.e. root) drop() - change uid back to real uid (i.e. your user id)
I modified the startup code to save off effective and real uids and to set the realgid to the mock group. I then bracketed calls to "do" that require privileges (e.g. chroot, mount, etc.) to look like this:
self.elevate() self.do(<privileged command>) self.drop()
I had an elinks srpm hanging around and fired off a mock build of that package, which after finding a couple of calls that needed privileges, worked (I'm always amazed when that happens). Admittedly it's not a complex build, but it's a start.
One thing I'm puzzled about is that the build worked on a system running SELinux and currently the SELinux preload isn't being done. Anyone have an example build that bombs because of SELinux when the LD_PRELOAD isn't done?
I need to do a little tidying up of mock.py. The cache stuff is completely broken because the actual pack/unpack logic is in the now-defunct mock-helper. I got started moving it into mock.py, but was overcome with sleepiness last night and didn't finish. I'll try and send out a mock.py to the list today (or would you rather have a patch?). Just wanted some eyeballs on it to see if it's going in the right direction.
Clark
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iD8DBQFEkWxuHyuj/+TTEp0RAhKNAJ0UNRD78/MRAZPe44ED/CWl8bRongCgwTbR Cmv9TG+KS2JYplFs6R7lVG8= =5hTr -----END PGP SIGNATURE-----
-- Fedora-buildsys-list mailing list Fedora-buildsys-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-buildsys-list
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Michael_E_Brown@Dell.com wrote:
Recommend: do_elevated() do_asuser()
To ensure that all calls are easy-to-audit. The elevate() and drop() calls should be properly bracketed with a try/finally so that exceptions do not interfere with dropping privs.
So essentially we won't call "do" directly from a command anymore, we'll call do_<how> and that's where we'll elevate (or not)? Yeah, I can go with that. And yes, a try/finally was on the agenda...
Along these lines, I also thought that the mount()/umount() code would be best if it were pushed into the do() function.
I haven't looked at that, so have no opinion. I'll look at it while I'm working on the above.
As for the new mock, I would say patch format to the list is best for small changes.
I'm on the fence as to whether this is a small to change to mock.py. Tell you what, I'll add the do_elevated and do_asuser wrappers, put that in place and send a diff. If it's too messy I can always send the source.
Clark
buildsys@lists.fedoraproject.org