Hi Thorsten,

Limiting access to the expanded chroot is something that can be done.

I currently use a `build' group and have {mode 750, ug root:build} the build directory, where the base tgzs are unpacked as subdirectories, and {mode 2775, ug root:build} the result directory, so that pdebuild-internal can copy back resulting debs.

`build' group members are the developers that can use pbuilder. This is a separate group from the one that has sudo rights to run pbuilder (though both have the same members); its sole role is to allow write access to the result directory and read access to the build directory.

I made this setup recently and maybe it needs some tuning (probably mode 775
for the result directory is enough), but so far packages build successfully
with it.

However, this solution requires the creation of a system group during pbuilder's installation and setting permissions on the associated directories. Also, whoever uses a custom directory setup should afterwards set the above permissions accordingly.

/tmp/buildd is already preserved by the compatibility symlink code inside pbuilder, in the sense that it is there after the base tgz unpacking. Even if the compatibility code is removed, one can set BUILDDIR=/tmp/buildd in pbuilderrc and have it there, as long as BUILDDIR is always created during unpacking. That's why I have shipped the patch with the modified comments at that point.

Even if a choice is made for pbuilder to support limiting access to the expanded chroot, I believe that the chroot's temporary directories should be cleaned before creating the base tgz. Other things also go there (hookdir, pbuildersatisfydepends package, etc.) and, since by design these directories are for temporary stuff, persistence should not be anticipated.

Cheers,
Georgios

On Sat, 27 Apr 2024 at 5:10 PM, Thorsten Glaser <t...@mirbsd.de> wrote:

> Hi Georgios,
>
> why not just ensure the parent directory of the chroot is not
> traversable for just any normal user?
>
> That would allow preserving /tmp/buildd as build place as well
> as retaining stuff under /run which packages create and which
> is, in practice, often needed for chroots where initscripts are
> not run.
>
> In addition, I often do use the access to the /tmp in the chroot
> for debugging and bootstrapping, so maybe create a new system
> group, chown 0:_pbuilder /var/cache/pbuilder/build; chmod 0750
> that directory, and good is? (Untested.)
>
> Then, I could add my user to that group and continue doing so.
>
> bye,
> //mirabilos
> --
> "Cool, /usr/share/doc/mksh/examples/uhr.gz is indeed a reason
> to install mksh on every system."
>         -- XTaran at OpenRheinRuhr, quite enthusiastic
> (EN: “[…]uhr.gz is a reason to install mksh on every system.”)
>
