Mike McLean wrote:
> Clark Williams wrote:
>> Note that the program makes use of Linux namespaces. This *should*
>> make our handling of mount points within the chroot (/proc, /sys,
>> etc.) a bit easier to clean up, since when the process dies the mounts
>> should just go away. I haven't verified this though, so caveat emptor.
>
> Using namespaces does not relieve us of managing our mounts. For
> example, mock.py still needs to make sure the mounts are gone before
> attempting to remove a buildroot. It mainly serves as a safety net.
>

I suppose I should have said "if the process terminates abnormally" as
opposed to "when the process dies". I realize that we can't whack a
directory that still has a mount on/in it and that namespaces do nothing
for us there.

>> #ifdef USE_SELINUX
>> // add LD_PRELOAD for our selinux lib if selinux is in use is set
>
> I don't think the SELINUX preload needs to be done here anymore.
> mock.py can set it up when running mock-yum if need be.

Yeah, I meant to ask that on my original email. I didn't build the new
mock.c with USE_SELINUX enabled, because I wasn't sure if we were going
to need it, or if we were going to push forward with a mock SELinux
policy, or something completely different. I will admit to not having
paid the closest attention to all the SELinux traffic on the lists
lately... :).

As I recall, we do an LD_PRELOAD of our .so before going into the
chroot, so that selinux is effectively disabled in the chroot.
Personally, I think that SELinux is a bit of overkill inside a chroot,
but someone running at a high-security facility may feel differently.

I'm ok with letting mock.py manage the addition of LD_PRELOAD to the
chroot and moving it out of the launcher. The code is only complete when
you can remove no more...

Clark

--
Fedora-buildsys-list mailing list
Fedora-buildsys-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-buildsys-list