On Mon, 30 Jul 2007 16:22:08 +0200
Axel Thimm <Axel.Thimm(a)ATrpms.net> wrote:
I'd like to be able to really setup chroot w/o any root
privilegdes. This already works at 99% using
fakeroot/fakechroot. There is some code in rpm that didn't swallow the
fake environment. It didn't look too difficult to fix. :)
The application is very important: Currently any submitter can take
over any builder by placing some code in %post*/%pre* scripts and
making this package a BR of another package. Being root makes it easy
to escape the chroot and perform root operations at the builder level
(unless the builders are properly selinux protected).
A secondary benefit of fakeroot/fakechroot support would be that any
random student on any random Linux system could deploy a build system
under his account and produce nice rpm packages w/o the need for root
priviledges on these systems.
We'd like something like this for Koji as well (:
--
Jesse Keating
Release Engineer: Fedora