Specs have no business writing anywhere else than their designated %builddir. %_tmpdir too, but that belongs inside %builddir so it doesn't need special cleanup, just special setup.
This should be entirely doable with Linux namespaces. Of course we can't depend on those being available so it needs to be an optional feature - and other OSes may have similar technologies they could utilize instead. An alternative means to achieve similar things is SELinux: run build scriptlets under a restrictive context that only has write capability to the suitably labeled %builddir.
And of course, tools like mock do this isolation already. But as long as rpmbuild is a standalone executable thing, some people will use it that way. If/when we have the means to prevent somebody's home getting nuked from an errant %clean or similar, we should do so.
This is mainly talking about build scriptlets, but what really should be isolated is the entire spec parse, because that stage can already write to the filesystem. Examples in the wild include things like %global gnupghome %(mktemp --directory).
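As an added example of the namespace approach described above (this is not code from the rpm project or from the issue, and the function names are the example's own), the script below runs a scriptlet body inside a fresh user and mount namespace, marks every mount read-only except the build directory, points TMPDIR inside it, and drops all capabilities before the scriptlet starts. It assumes util-linux `unshare`, `mount` and `setpriv`, and a kernel that allows unprivileged user namespaces; `sandbox_available` reports whether that holds on the current host.

```shell
#!/bin/sh
# Added example, not rpm's own code: run a build scriptlet in its own mount and
# user namespace with every existing mount read-only except BUILDDIR, with a
# private TMPDIR inside BUILDDIR, and with all capabilities dropped before the
# scriptlet runs. Assumes util-linux (unshare, mount, setpriv) and a kernel that
# permits unprivileged user namespaces; the function names are this example's.

# Exit status says whether this host lets an unprivileged user create a
# user+mount namespace at all; without that the isolation cannot be applied.
sandbox_available() {
    unshare -Urm --propagation private true 2>/dev/null
}

# sandboxed_build BUILDDIR SCRIPT: run SCRIPT (shell text, like a scriptlet
# body) with BUILDDIR as cwd and as the only writable location in the tree.
# Fails closed: if any mount cannot be made read-only, nothing is run.
sandboxed_build() {
    builddir=$1
    script=$2
    case $builddir in
        /*) ;;
        *)  echo "sandboxed_build: builddir must be absolute: $builddir" >&2; return 2 ;;
    esac
    [ -d "$builddir" ] || { echo "sandboxed_build: no such dir: $builddir" >&2; return 2; }
    mkdir -p "$builddir/tmp"

    unshare -Urm --propagation private sh -c '
        set -e -f
        builddir=$1
        script=$2
        # Give BUILDDIR its own mount so it can stay writable while everything
        # around it is made read-only.
        mount --bind "$builddir" "$builddir"
        # Walk every mount visible in this namespace (field 5 of mountinfo is
        # the mount point; spaces in paths are octal-escaped, hence printf %b)
        # and mark it read-only. A failure aborts instead of running the
        # scriptlet half-isolated.
        for mp in $(awk "{print \$5}" /proc/self/mountinfo); do
            mp=$(printf "%b" "$mp")
            [ "$mp" = "$builddir" ] && continue
            mount -o remount,bind,ro "$mp"
        done
        cd "$builddir"
        TMPDIR=$builddir/tmp
        export TMPDIR
        # The scriptlet is root inside the user namespace and could otherwise
        # remount things read-write again; drop every capability first.
        exec setpriv --no-new-privs --bounding-set -all --inh-caps -all \
            sh -c "$script"
    ' sandbox "$builddir" "$script"
}
```

Usage: `sandboxed_build /path/to/BUILD 'rm -rf "$RPM_BUILD_ROOT"'` runs the scriptlet with any write outside the build directory failing with EROFS, which is exactly the errant %clean case above. Two limits worth knowing: this wraps a scriptlet, so the %(...) macro expansions run during spec parsing would need the same wrapper around the parse itself, and the SELinux variant mentioned in the issue is a separate mechanism not shown here.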