On Thu, Jul 25, 2019 at 2:18 PM Johannes Schauer wrote:

> But you'd have to ask somebody who is more knowledgeable about the security
> implications of such a change. There certainly is a reason why #898446 is
> still open.
>
> Furthermore, since buildds currently use the schroot backend, I guess that
> buildd admins already took all necessary precautions to secure their systems
> against arbitrary code running as part of the package build process. I do not
> know what benefit the "unshare" backend would have for buildds.

I think my mental model of what the "unshare" backend does was incorrect. I didn't think it needed #898446 to be closed. I assumed it was just like schroot except with the addition of moving all processes run within the chroot into a separate network/process/mount/etc namespace with no access to the host namespaces. The primary advantage of this would be to isolate the build chroot from the network.

Perhaps schroot is the component that should be adding support for separate network/process/mount/etc namespaces?

--
bye,
pabs

https://wiki.debian.org/PaulWise