selinux breaks revisor
Jesse Keating
jkeating at redhat.com
Fri Jan 25 02:06:58 UTC 2008
On Thu, 24 Jan 2008 19:49:42 -0600
Douglas McClendon <dmc.fedora at filteredperception.org> wrote:
> A while back on this list, I asked what parts of fedora required root
> privileges to be rebuilt. I.e. why you couldn't just rpmbuild
> --rebuild every last thing as a build user, never subjecting the
> build system to the impact of building as root. The answer seemed to
> come back that the only things that _really_ required root, were the
> creation of small filesystem-disk images. My tool qfakeroot provides
> a solution for that, and given the sizes of the images involved, will
> add but a few minutes to the rpmbuild--rebuild time.
Maybe I missed that, but every /rpm/ is buildable by non-root. It's
when you start talking about /composing/ releases and Live images that
root privs are needed (or enoug privs to make loopback devices).
Now, we could do something more sneaky and ship the livcd-creator and
pungi python scripts setuid, but that's probably not what you're
looking for.
--
Jesse Keating
Fedora -- All my bits are free, are yours?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.fedoraproject.org/pipermail/devel/attachments/20080124/0eb40ae9/attachment-0002.bin
More information about the devel
mailing list