| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 8 Dec 2011 17:04:22 +0000 From: Arnd Bergmann <arnd@...db.de> To: "John Stoffel" <john@...ffel.org> Cc: Colin Walters <walters@...bum.org>, LKML <linux-kernel@...r.kernel.org>, morgan@...nel.org, serue@...ibm.com, dhowells@...hat.com, kzak@...hat.com Subject: Re: chroot(2) and bind mounts as non-root On Wednesday 07 December 2011, John Stoffel wrote: > >>>>> "Colin" == Colin Walters <walters@...bum.org> writes: > > Colin> I've recently been doing some work in software compilation, and it'd be > Colin> really handy if I could call chroot(2) as a non-root user. The reason > Colin> to chroot is to help avoid "host contamination" - I can set up a build > Colin> root and then chroot in. The reason to do it as non-root is, well, > Colin> requiring root to build software sucks for multiple obvious reasons. > > What's wrong with using 'fakeroot' or tools like that instead? Why > does the Kernel need to be involved like this? I'm not against your > proposal so much, as trying to understand how compiling a bunch of > source requires this change. I think the better question to ask is what is missing from 'schroot', which is commonly used for exactly this purpose. Is it just about avoing the suid bit for /usr/bin/schroot or something else? Arnd -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists