On Wed, Dec 08, 2010 at 01:50:22PM -0500, James Ralston wrote:
> Well, the ultimate protection would be to use this procedure for each
> build:
>
> 1. Instantiate VMs for all architectures specified by the build,
>    via cloning "known good" build VMs.
>
> 2. Use koji to build on each VM.
>
> 3. Destroy each VM that was instantiated.

IIRC Seth is working on this.

To the original poster: even a VM isn't a completely robust way of
preventing root escalations. If the developers are all in your
"organization", how about using a cluestick-based method to prevent
them doing this?

Rich.

--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
New in Fedora 11: Fedora Windows cross-compiler. Compile Windows
programs, test, and build Windows installers. Over 70 libraries supprt'd
http://fedoraproject.org/wiki/MinGW http://www.annexia.org/fedora_mingw