Le vendredi 30 décembre 2011 à 15:05 -0300, Cristian Rodríguez a écrit :
On 30/12/11 15:04, Marcus Meissner wrote:
On Fri, Dec 30, 2011 at 03:01:37PM -0300, Cristian Rodríguez wrote:
On 21/12/11 07:34, Joop Boonen wrote:
Hi all,
Currently we have the following problem. Due to security issues we only have native ARM workers for the internal openSUSE buildservice. For the external build service we only use qemu.
Huh ? LXC or simple the systemd-nspawn util does not provide enough security for building packages ?
No.
really ? why ? or we are once again trading usability for paranoia ?
With my "lxc (open)SUSE maintainer hat", I should remind lxc upstream
strongly advise not to use LXC for security purpose, as it doesn't not
prevent (yet) privilege escalation and root separation. I will happen
one day but not yet.
--
Frederic Crozat