On Fri, 2005-07-29 at 19:21 +0200, Enrico Scholz wrote:
> orion@xxxxxxxxxxxxx (Orion Poplawski) writes:
>
> > File "/usr/bin/mock", line 364, in _umount
> > raise Error, "could not umount %s error was: %s" % (path, output)
> > __main__.Error: could not umount proc error was: mock-helper: error:
> > /export/mock/fedora-5-i386-core/root/proc: not under allowed directory
> > (/var/lib/mock)
>
> Caused by too much security checks at the wrong place ('mock-helper
> chroot ...' gives full control over the system, so these path-checks
> (which can be workarounded with symlinks) are senseless). Best thing for
> functionality would be:
>
> * execute mock in an own namespace; so you do not have to care about
> unmounting
> * do the mounting nativly (call 'mount(2)' instead of exec(2) the 'mount'
> command)
> * for all other commands, do just an 'execv(argv[1], argv+1)' in
> mock-helpers main() routine
>
> Patches for the first two points are existing already.
where?
-sv
