On Sun, Jan 03, 2010 at 11:36:46AM +0900, Junichi Uekawa wrote:
> Hi,
>
> At Sat, 2 Jan 2010 17:39:17 +0100,
> Mike Hommey wrote:
> >
> > On Sat, Jan 02, 2010 at 05:36:47PM +0100, Mike Hommey wrote:
> > > On Sat, Jan 02, 2010 at 05:28:23PM +0100, Loïc Minier wrote:
> > > > On Sat, Jan 02, 2010, Mike Hommey wrote:
> > > > > Shouldn't pbuilder try to use the original user uid ? I, for one, set
> > > > > BUILDUSERID to my own uid...
> > > >
> > > > Oh that would work too; I think I would prefer pbuilder using a
> > > > separate user id since the build might do evil things e.g. killall.
> > >
> > > unshare(CLONE_NEWPID) ?
> >
> > That only works with clone(), not unshare, but you get the idea.
>
> There's two different scenarios
>
> 1. I want to protect myself from malicious code (set it to some random
> user id). CLONE_NEWPID might be a better idea in this case.
>
> 2. I want to use the same user id inside the chroot too because I
> trust the code (e.g. pdebuild). This shouldn't be CLONE_NEWPID,
> because pdebuild-internal would require access to /home with the
> original PID.

Why is that ? Also note that for "external" processes, the pid is the original one.

Mike

