Miroslav Suchý msuchy at
Mon Sep 2 08:29:59 UTC 2013

On 08/30/2013 10:01 PM, Jay Greguske wrote:
> I'd like to see some elaboration on why VMs instead of chroots would be
> required. I can draw my own conclusions (security) but I'd like to see
> them listed out first before continuing the discussion.

The Koji builder has a certificate stored somewhere. This certificate authorizes it to the Koji hub.
Whoever has this certificate can act as a Koji builder.
The Koji builder builds using mock, which means in a chroot. There are some known exploits which allow you to run out of 

Now imagine an evil package, which will run out of the chroot, read that certificate and deliver it to an attacker.
He can now build an evil builder and start building modified packages.

While there are known exploits to affect the host machine of a VM, it is definitely harder than running out of a chroot.

Miroslav Suchy, RHCE, RHCDS
Red Hat, Software Engineer, #brno, #devexp, #fedora-buildsys
