I'd prefer that we break if the docker group is on the system. If we do want to allow users to say ok, we'll use debconf. Don't use echo and read. I won't apply this. This is completely broken on graphical installers of debs.
Thanks, Paul On Fri, Apr 3, 2015 at 4:43 PM, Gomex <go...@riseup.net> wrote: > On 20-01-2015 13:49, go...@riseup.net wrote: >> On 2015-01-19 14:49, Tianon Gravi wrote: >>> On 19 January 2015 at 10:33, <go...@riseup.net> wrote: >>>> This can happen, but I can't see any possibility of a group docker >>>> causes >>>> any security problem. >>> >>> You probably want to give >>> https://docs.docker.com/articles/security/#docker-daemon-attack-surface >>> a read-through. :) >>> >>> ♥, >>> - Tianon >>> 4096R / B42F 6819 007F 00F8 8E36 4FD4 036A 9C25 BF35 7DD4 >> >> I created that new patch. I was unable to create with debconf, but I >> saw in another packages (ex: postfix) it uses bash echo method too: >> >> 6c6 >> < if [ -z "$2" ]; then >> --- >>> if ! getent group docker > /dev/null 2>&1 ; then >> 8c8,19 >> < fi >> --- >>> else >>> cat << EOF >>> Group docker already exists >>> All users in this group can use docker.io and its can >>> causes security problem (docker-daemon-attack-surface). >>> EOF >>> echo -n "Do you wanna use already exists docker group >>> in this installation?" >>> read line >>> case ${line} in >>> [nN]*) exit 1 ;; >>> *) ;; >>> esac >>> fi >> >> What you think about that new patch? >> > Hi Tianon, > > What you think about this patch? Is needed create something with debconf? -- :wq -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
