Mailinglist Archive: opensuse-buildservice (162 mails)

< Previous Next >
Re: [opensuse-buildservice] OBS ARM build discussion I would like to start
Le vendredi 30 décembre 2011 à 15:05 -0300, Cristian Rodríguez a écrit :
On 30/12/11 15:04, Marcus Meissner wrote:
On Fri, Dec 30, 2011 at 03:01:37PM -0300, Cristian Rodríguez wrote:
On 21/12/11 07:34, Joop Boonen wrote:
Hi all,

Currently we have the following problem.
Due to security issues we only have native ARM workers for the internal
openSUSE buildservice. For the external build service we only use qemu.


Huh ? LXC or simple the systemd-nspawn util does not provide enough
security for building packages ?

No.


really ? why ? or we are once again trading usability for paranoia ?

With my "lxc (open)SUSE maintainer hat", I should remind lxc upstream
strongly advise not to use LXC for security purpose, as it doesn't not
prevent (yet) privilege escalation and root separation. I will happen
one day but not yet.

--
Frederic Crozat <fcrozat@xxxxxxxx>
SUSE

--
To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-buildservice+owner@xxxxxxxxxxxx

< Previous Next >
This Thread
  • No further messages