orion@xxxxxxxxxxxxx (Orion Poplawski) writes:
> File "/usr/bin/mock", line 364, in _umount
> raise Error, "could not umount %s error was: %s" % (path, output)
> __main__.Error: could not umount proc error was: mock-helper: error:
> /export/mock/fedora-5-i386-core/root/proc: not under allowed directory
> (/var/lib/mock)
Caused by too much security checks at the wrong place ('mock-helper
chroot ...' gives full control over the system, so these path-checks
(which can be workarounded with symlinks) are senseless). Best thing for
functionality would be:
* execute mock in an own namespace; so you do not have to care about
unmounting
* do the mounting nativly (call 'mount(2)' instead of exec(2) the 'mount'
command)
* for all other commands, do just an 'execv(argv[1], argv+1)' in
mock-helpers main() routine
Patches for the first two points are existing already.
Enrico
Attachment:
pgpfyWQktdTAr.pgp
Description: PGP signature
