The current fedora.us buildsystem and future directions
Enrico Scholz
enrico.scholz at informatik.tu-chemnitz.de
Mon Dec 1 19:51:26 UTC 2003
walters at verbum.org (Colin Walters) writes:
>> 2. Is chroot(2) implemented in a safe manner? Or, can parent directories
>> of build-roots be protected with SELinux policies? Is a safe chroot(2)
>> required at all?
>
> Using SELinux, a chroot doesn't provide any additional direct security.
> However, you may find it convenient to use a chroot in this instance so
> that different sets of packages can be installed, etc.
I am asking because of the following situation: there are two (nearly)
equal buildroots A & B in the directory tree, like
<basedir>
|- A
`- B
Can it be prohibited that A modifies files within B?
Would it be possible to forbid any kind of access to <basedir> for
build processes?
>> 5. Can special mount-operations (e.g. /proc filesystem) be allowed by
>> the policy, or does this require userspace helper also?
>
> The mount system call is restricted, yes.
We will have to deal with
mount -t proc none <buildroot>/proc
vs.
mount --bind trojan /bin/sh
The first command MUST be supported, but the second one (including
variants) must be forbidden.
Enrico
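One way to enforce the "allow only the proc mount, forbid bind mounts and other variants" rule from the mail in a userspace helper, as an added example that is not part of the original message or of the fedora.us buildsystem: the helper accepts exactly the form `mount -t proc none <buildroot>/proc` for a buildroot that is a direct child of a base directory and rejects anything else. The base directory `/var/lib/buildsys`, the function names and the "direct child of the base directory" layout are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not code from the original mail or the fedora.us buildsystem.
# A minimal policy check for a setuid/privileged mount helper: the only mount
# request it permits is "mount -t proc none <buildroot>/proc" where
# <buildroot> is a direct child of BUILDROOT_BASE. Everything else, in
# particular "--bind trojan /bin/sh" and mounts into another buildroot,
# is refused. BUILDROOT_BASE is an assumed location.

BUILDROOT_BASE="${BUILDROOT_BASE:-/var/lib/buildsys}"

# path_is_clean PATH
# Accept only absolute paths without "..", "." or empty components, so a
# request cannot escape the buildroot by path tricks.
path_is_clean() {
    case "$1" in
        /*) ;;
        *) return 1 ;;
    esac
    case "$1/" in
        *"/../"*|*"/./"*|*"//"*) return 1 ;;
    esac
    return 0
}

# buildroot_is_valid BUILDROOT
# The buildroot must be a direct child of BUILDROOT_BASE (e.g. <basedir>/A).
buildroot_is_valid() {
    path_is_clean "$1" || return 1
    case "$1" in
        "$BUILDROOT_BASE"/*) ;;
        *) return 1 ;;
    esac
    # strip the base prefix; what remains must be a single path component
    case "${1#"$BUILDROOT_BASE"/}" in
        ""|*/*) return 1 ;;
    esac
    return 0
}

# check_mount_request BUILDROOT [mount arguments...]
# Returns 0 only for the single permitted request:
#   -t proc none <BUILDROOT>/proc
# Any other argument list (bind mounts, other filesystem types, a target
# inside a different buildroot, extra options) returns 1.
check_mount_request() {
    buildroot="$1"; shift
    buildroot_is_valid "$buildroot" || return 1
    [ "$#" -eq 4 ] || return 1
    [ "$1" = "-t" ] || return 1
    [ "$2" = "proc" ] || return 1
    [ "$3" = "none" ] || return 1
    [ "$4" = "$buildroot/proc" ] || return 1
    return 0
}
```

The helper compares the whole argument list against the one accepted form instead of filtering known-bad flags; a blocklist would have to anticipate every spelling of a bind mount (`--bind`, `-o bind`, `--rbind`, `-o remount,bind`), whereas an exact match rejects them all without listing them.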