On Mon, 8 Nov 2010, Jeff Johnson wrote:
> I quibble with "non-trivial": its entirely feasible to prefix
> a path prefix to every open(2)/execv(2) call done by RPM with
> using chroot(2).
chroot requires root privilege. If enabled by a setuid program,
it is non-trivial to make a chroot environment secure. I don't
think chroot is required to make it work.
> Why bother with kludges? And multiple rpmdb's is just a loop, all
> RPM versions (since Berkeley DB was added) have multiple open's
> of the /var/lib/rpm DBENV, one for Pubkeys, the other for
> packaging releated indices. All that's needed is to handle different
> paths, one for "system", the other for "user" non-root, stores
> and work through the access patterns.
Yes, that is the key feature required in RPM proper. If the original
poster would present his use-case, that might help determine the
general usefulness of such a feature to RPM based systems.
--
Stuart D. Gathman <stuart@xxxxxxxx>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flammis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
_______________________________________________
Rpm-list mailing list
Rpm-list@xxxxxxxxxxxxx
http://lists.rpm.org/mailman/listinfo/rpm-list
