hosted reproducible package building with multiple developers?

Daniel P. Berrange berrange at redhat.com
Fri Dec 10 17:57:02 UTC 2010


On Fri, Dec 10, 2010 at 12:43:04PM -0500, Matt McCutchen wrote:
> On Fri, 2010-12-10 at 15:06 +0000, Daniel P. Berrange wrote:
> > Adding CLONE_NEWPID would be worthwhile to stop the
> > mock process seeing any other PIDs on the machine.
> 
> It's critical, or mock could ptrace some process running as root on the
> host and inject arbitrary code.

That is true. I forgot to mention that you'd probably need to block
a large number of capabilities while the 'root' part of mock were
executing. e.g. while mock needs things like CAP_DAC_OVERRIDE,
CAP_FOWNER, CAP_MKNOD, etc to put down files during RPM install,
you don't want it having SYS_ADMIN, MAC_ADMIN, AUDIT_CONTROL,
SYS_BOOT, SYS_MODULE, or SYS_TIME and some others (PTRACE if not
using CLONE_NEWPID).

Regards,
Daniel
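The two controls discussed in this thread, a private PID namespace for the build and a trimmed capability bounding set for its 'root' half, can be combined in a small C program. The following is an added illustration, not code from mock or from anyone in the thread; it uses the capability names from Daniel's message and assumes a Linux host with glibc and the uapi <linux/capability.h> header. The clone() with CLONE_NEWPID and the PR_CAPBSET_DROP calls need root (CAP_SYS_ADMIN and CAP_SETPCAP), while the list checks and PR_CAPBSET_READ work for any user.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <sched.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/prctl.h>
#include <sys/wait.h>
#include <unistd.h>
#include <linux/capability.h>

/* Fallbacks in case sched.h was processed without _GNU_SOURCE in effect. */
#ifndef CLONE_NEWPID
#define CLONE_NEWPID 0x20000000
#endif
#ifndef __USE_GNU
int clone(int (*fn)(void *), void *child_stack, int flags, void *arg, ...);
#endif

/* Capabilities the message says the 'root' half of mock should not keep.
 * CAP_SYS_PTRACE is on the list unconditionally; the message only calls
 * it optional when the build already runs in its own PID namespace. */
static const int caps_to_drop[] = {
    CAP_SYS_ADMIN, CAP_MAC_ADMIN, CAP_AUDIT_CONTROL,
    CAP_SYS_BOOT,  CAP_SYS_MODULE, CAP_SYS_TIME, CAP_SYS_PTRACE,
};
#define N_CAPS_TO_DROP (sizeof caps_to_drop / sizeof caps_to_drop[0])

/* Capabilities the message says RPM installation still needs. */
static const int caps_to_keep[] = { CAP_DAC_OVERRIDE, CAP_FOWNER, CAP_MKNOD };

size_t n_caps_to_drop(void) { return N_CAPS_TO_DROP; }

int is_dropped_cap(int cap) {
    for (size_t i = 0; i < N_CAPS_TO_DROP; i++)
        if (caps_to_drop[i] == cap) return 1;
    return 0;
}

/* Sanity check: nothing needed for the RPM install is on the drop list. */
int drop_list_is_consistent(void) {
    for (size_t i = 0; i < sizeof caps_to_keep / sizeof caps_to_keep[0]; i++)
        if (is_dropped_cap(caps_to_keep[i])) return 0;
    return 1;
}

/* Remove the listed capabilities from the bounding set. Once gone they cannot
 * be regained by this process or anything it execs, including setuid binaries.
 * Needs CAP_SETPCAP. Returns the number dropped, or -1 on the first failure. */
int drop_bounding_caps(void) {
    int dropped = 0;
    for (size_t i = 0; i < N_CAPS_TO_DROP; i++) {
        if (prctl(PR_CAPBSET_DROP, caps_to_drop[i], 0, 0, 0) != 0)
            return -1;
        dropped++;
    }
    return dropped;
}

/* Count how many of the listed capabilities remain in the bounding set.
 * PR_CAPBSET_READ is unprivileged, so any caller can audit itself. */
int dropped_caps_still_present(void) {
    int present = 0;
    for (size_t i = 0; i < N_CAPS_TO_DROP; i++)
        if (prctl(PR_CAPBSET_READ, caps_to_drop[i], 0, 0, 0) == 1)
            present++;
    return present;
}

/* Child entry point: it is PID 1 in the new namespace, so host processes
 * are simply not addressable by PID from here, ptrace included. The
 * capabilities are dropped only now, after clone() has already used
 * CAP_SYS_ADMIN to create the namespace. */
static int child_main(void *arg) {
    (void)arg;
    if (drop_bounding_caps() < 0) { perror("PR_CAPBSET_DROP"); return 1; }
    printf("child: pid in new namespace=%ld, listed caps still in bounding set=%d\n",
           (long)getpid(), dropped_caps_still_present());
    return 0;
}

#define STACK_SIZE (1024 * 1024)
static char child_stack[STACK_SIZE];   /* clone() wants the top of the stack */

/* Start fn in a fresh PID namespace; returns the child's pid as seen by the
 * parent, or -1 (EPERM when not run as root). */
pid_t spawn_in_new_pid_namespace(int (*fn)(void *), void *arg) {
    return clone(fn, child_stack + STACK_SIZE, CLONE_NEWPID | SIGCHLD, arg);
}

int main(void) {
    if (!drop_list_is_consistent()) { fputs("drop list overlaps keep list\n", stderr); return 1; }
    pid_t pid = spawn_in_new_pid_namespace(child_main, NULL);
    if (pid < 0) { perror("clone(CLONE_NEWPID)"); return 1; }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) { perror("waitpid"); return 1; }
    return WIFEXITED(status) ? WEXITSTATUS(status) : 1;
}
```

Run as root it prints "pid in new namespace=1" and "listed caps still in bounding set=0"; the order matters, because a process that has already dropped CAP_SYS_ADMIN can no longer create the namespace, so the namespace comes first and the bounding-set cuts come second, inside the child.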

