On Fri, Dec 30, 2011 at 03:05:57PM -0300, Cristian Rodríguez wrote:
On 30/12/11 15:04, Marcus Meissner wrote:
On Fri, Dec 30, 2011 at 03:01:37PM -0300, Cristian Rodríguez wrote:
On 21/12/11 07:34, Joop Boonen wrote:
Hi all,
Currently we have the following problem. Due to security issues we only have native ARM workers for the internal openSUSE buildservice. For the external build service we only use qemu.
Huh ? LXC or simple the systemd-nspawn util does not provide enough security for building packages ?
No.
really ? why ? or we are once again trading usability for paranoia ?
We currently consider it not being able to confine root processes. If you can think a method where you can do the full build process as non-root it might be usable. https://bugzilla.novell.com/show_bug.cgi?id=708989 is our audit tracker bug, but we really have not looked that deep. Ciao, Marcus -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-buildservice+owner@opensuse.org