From: Arnd Bergmann <arnd@arndb.de>
To: "John Stoffel" <john@stoffel.org>
Cc: Colin Walters <walters@verbum.org>,
LKML <linux-kernel@vger.kernel.org>,
morgan@kernel.org, serue@us.ibm.com, dhowells@redhat.com,
kzak@redhat.com
Subject: Re: chroot(2) and bind mounts as non-root
Date: Thu, 8 Dec 2011 17:04:22 +0000 [thread overview]
Message-ID: <201112081704.22453.arnd@arndb.de> (raw)
In-Reply-To: <20191.49202.793643.397028@quad.stoffel.home>
On Wednesday 07 December 2011, John Stoffel wrote:
> >>>>> "Colin" == Colin Walters <walters@verbum.org> writes:
>
> Colin> I've recently been doing some work in software compilation, and it'd be
> Colin> really handy if I could call chroot(2) as a non-root user. The reason
> Colin> to chroot is to help avoid "host contamination" - I can set up a build
> Colin> root and then chroot in. The reason to do it as non-root is, well,
> Colin> requiring root to build software sucks for multiple obvious reasons.
>
> What's wrong with using 'fakeroot' or tools like that instead? Why
> does the Kernel need to be involved like this? I'm not against your
> proposal so much, as trying to understand how compiling a bunch of
> source requires this change.
I think the better question to ask is what is missing from 'schroot', which
is commonly used for exactly this purpose. Is it just about avoing the
suid bit for /usr/bin/schroot or something else?
Arnd
next prev parent reply other threads:[~2011-12-08 17:05 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-12-07 17:54 chroot(2) and bind mounts as non-root Colin Walters
2011-12-07 19:36 ` John Stoffel
2011-12-08 16:10 ` Colin Walters
2011-12-08 18:14 ` John Stoffel
2011-12-08 18:26 ` Colin Walters
2011-12-09 0:49 ` Sven-Haegar Koch
2011-12-09 14:55 ` John Stoffel
2011-12-09 15:06 ` Colin Walters
2011-12-08 17:04 ` Arnd Bergmann [this message]
2011-12-08 17:15 ` Colin Walters
2011-12-07 19:40 ` Andy Lutomirski
2011-12-08 16:58 ` Colin Walters
2011-12-07 20:34 ` H. Peter Anvin
2011-12-07 20:54 ` Alan Cox
2011-12-15 18:55 ` Andrew G. Morgan
2011-12-16 15:44 ` Colin Walters
2011-12-18 1:22 ` Andrew G. Morgan
2011-12-18 15:19 ` Colin Walters
2011-12-10 5:29 ` Serge E. Hallyn
2011-12-12 16:41 ` Colin Walters
2011-12-12 23:11 ` Serge E. Hallyn
2011-12-15 20:56 ` Colin Walters
2011-12-16 6:14 ` Eric W. Biederman
2011-12-18 16:01 ` Colin Walters
2011-12-19 0:55 ` Eric W. Biederman
2011-12-19 4:06 ` Serge E. Hallyn
2011-12-19 9:22 ` Eric W. Biederman
2011-12-20 16:49 ` Colin Walters
2011-12-20 21:23 ` Colin Walters
2011-12-21 18:15 ` Steve Grubb
2012-01-03 23:13 ` Eric W. Biederman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=201112081704.22453.arnd@arndb.de \
--to=arnd@arndb.de \
--cc=dhowells@redhat.com \
--cc=john@stoffel.org \
--cc=kzak@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=morgan@kernel.org \
--cc=serue@us.ibm.com \
--cc=walters@verbum.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.