ermm... why are you talking about CLONE_NEWPID?
I think you wanted to talk about CLONE_NEWUSER so that the same UID won't affect outside the chroot.

At Sun, 03 Jan 2010 11:36:46 +0900,
Junichi Uekawa wrote:
>
> Hi,
>
> At Sat, 2 Jan 2010 17:39:17 +0100,
> Mike Hommey wrote:
> >
> > On Sat, Jan 02, 2010 at 05:36:47PM +0100, Mike Hommey wrote:
> > > On Sat, Jan 02, 2010 at 05:28:23PM +0100, Loïc Minier wrote:
> > > > On Sat, Jan 02, 2010, Mike Hommey wrote:
> > > > > Shouldn't pbuilder try to use the original user uid ? I, for one, set
> > > > > BUILDUSERID to my own uid...
> > > >
> > > > Oh that would work too; I think I would prefer pbuilder using a
> > > > separate user id since the build might do evil things e.g. killall.
> > >
> > > unshare(CLONE_NEWPID) ?
> >
> > That only works with clone(), not unshare, but you get the idea.
>
> There's two different scenarios
>
> 1. I want to protect myself from malicious code (set it to some random
>    user id). CLONE_NEWPID might be a better idea in this case.
>
> 2. I want to use the same user id inside the chroot too because I
>    trust the code (e.g. pdebuild). This shouldn't be CLONE_NEWPID,
>    because pdebuild-internal would require access to /home with the
>    original PID.
>
>
> So, using CLONE_NEWPID would have to be an optional thing.

