Mailinglist Archive: opensuse-buildservice (166 mails)

< Previous Next >
Re: [opensuse-buildservice] run commands from spec file as root
On Wednesday 14 May 2014, Adrian Schröter wrote:
On Mittwoch, 14. Mai 2014, 09:17:08 wrote Lars Weber:
I use a package root4abuild created via attached spec-file.
Use this package as a build-requirement for your package
and you can gain root-rights for abuild via sudo during
the build-process.

Might be a little bit ugly but works for me.

Thanks Lars! This should do it for me.

You should make sure not to publish that package, because
a user would create a security hole in his system.

I'd like to protect local builds in chroot too to not crash my
own or other's systems. Can I find out whether the spec file is running
on OBS to disable sudo if not?

Also the package will never be accepted in Factory.
So if your goal is to create an official package
you should look for another solution :)

For me there is no other solution. I want to run "util-linux" advanced
test-suite as root to see more issues. For now just for debugging but
if it turns out to be useful I would like to have it "upstream" in
Base:System. Maybe another project "util-linux-testsuite" which does
not goes to Factory?

IMO this is a general use case, worth to think about, see for example
$ osc rbl -s Base:System coreutils-testsuite openSUSE_Factory i586 |\
grep "must be run as root"
setgid.sh: skipped test: must be run as root
basic.sh: skipped test: must be run as root
cp-a-selinux.sh: skipped test: must be run as root
preserve-gid.sh: skipped test: must be run as root
special-bits.sh: skipped test: must be run as root
cp-mv-enotsup-xattr.sh: skipped test: must be run as root
capability.sh: skipped test: must be run as root
skip-seek-past-dev.sh: skipped test: must be run as root
problematic-chars.sh: skipped test: must be run as root
bind-mount-dir-cycle.sh: skipped test: must be run as root
install-C-root.sh: skipped test: must be run as root
capability.sh: skipped test: must be run as root
nameless-uid.sh: skipped test: must be run as root
chcon.sh: skipped test: must be run as root
chroot-credentials.sh: skipped test: must be run as root
selinux.sh: skipped test: must be run as root
truncate-owned-by-other.sh: skipped test: must be run as root
writable-under-readonly.sh: skipped test: must be run as root
sticky-to-xpart.sh: skipped test: must be run as root
fail-2eperm.sh: skipped test: must be run as root
no-give-up.sh: skipped test: must be run as root
one-file-system.sh: skipped test: must be run as root
read-only.sh: skipped test: must be run as root
append-only.sh: skipped test: must be run as root
now-owned-by-other.sh: skipped test: must be run as roo

(It is not an issue for OBS, since we use KVM/XEN
secured environments in case you wonder)

Do you know whether these ones would work on OBS?:
modprobe loop
losetup ...
modprobe scsi_debug

I know it does not work for certain other secured VMs.

cu,
Rudi
--
To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-buildservice+owner@xxxxxxxxxxxx

< Previous Next >
Follow Ups