On Sun, Feb 01, 2009 at 10:04:09PM -0600, Clark Williams wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hrm, this is kind of scary, mock is trying to prevent this action? The > > weird thing is that an error is reported that the action was not > > allowed, yet the end result is that the file is indeed copied. So if > > we're trying to prevent it, we're not doing a good job. > > > > I tried it on my laptop and the copy didn't happen. Not sure what's > going on there. > > I went back and looked at the commit where I added the copyin/copyout > options and the uidManager.dropPrivsForever() has always been there. > I'm considering dropping it for --copyin (where we modify the chroot) > but not for --copyout (where we modify the actual filesystem). > > What do you guys think?
Well, until we come up with a "real" security policy for mock, the above suggestion sounds reasonable. -- Michael
pgpfF8EF6GWd3.pgp
Description: PGP signature
-- Fedora-buildsys-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/fedora-buildsys-list
