Jeff Spaleta wrote:
2008/1/24 Jesse Keating <jkeating@xxxxxxxxxx>:
Maybe I missed that, but every /rpm/ is buildable by non-root. It's
when you start talking about /composing/ releases and Live images that
root privs are needed (or enoug privs to make loopback devices).
make loopback devices.... does fuse provide a non-root way to deal
with this here?
I think there are historical threads about the security/code-quality and
how it related to the decision of requiring root to add users to the
fuse group. Sounded like fuse might get the job done someday, but
someday wasn't quite here yet.
Still, for doing composes as non-root I like my qemu 'qfakeroot', as it
handles everything nicely (but slowly). I.e. I imagine running into
headaches getting rpm post scripts running as non-root in a target dir,
using something like traditional fakeroot to deal with file ownerships.
And of course coming full circle, then there would still be the
selinux issues in this non-root fuse-using quasi-chroot hypothetical
compose beast...
-dmc
--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
