Hi Thorsten,
Limiting access to the expanded chroot is something that can be done.
I currently use a `build' group and have {mode 750, ug root:build} the
build directory, where the base tgzs are unpacked as subdirectories, and
{mode 2775, ug root:build} the result directory, so that

Hi Georgios,
why not just ensure the parent directory of the chroot is not
traversable for just any normal user?
That would allow preserving /tmp/buildd as build place as well
as retaining stuff under /run which packages create and which
is, in practice, often needed for chroots where

The attached patch removes, during the recreation of base tgz,
all files from /tmp and /var/tmp (which is also world-writable).
It is made for the git version at salsa.debian.org but can also be applied
to the current (0.231) version as-is.
I have also modified a comment during the creation of