On Tue, 25 Sep 2007 08:18:39 -0500, John Goerzen <[EMAIL PROTECTED]> said:
> I don't really think that chroot is the appropriate tool for this.
> Why not something more strongly isolated, such as vserver, OpenVZ, or
> even Xen or UML for this?

I've always used an UML for this. I need to automate my workflow a bit more -- there are two parts of building packages; one set of operations run as root (build depends loading, and running piuparts), and another set which is run as a user running perhaps under fake root (the real build etc).

I can use an @boot cron job to run stuff; but I have not done so since specifying SELinux policy for this is not gonna be fun (run as root in some security domain, and then start a dpkg-buildpackage as root in the usr_t domain), and I have been being lazy.

I already have a shell version of satisfy_builddeps, so all I really need is to have the policy snippet, and I'll publish my building in a SELinux uml/kvm virtual machine thing. In my copious spare time, of course.

manoj
--
It's a naive, domestic operating system without any breeding, but I think you'll be amused by its presumption.
Manoj Srivastava <[EMAIL PROTECTED]> <http://www.debian.org/~srivasta/>
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C