Mailinglist Archive: opensuse-buildservice (96 mails)

< Previous Next >
Re: [opensuse-buildservice] sudo inside worker
2015-10-19 10:01 GMT+03:00 Adrian Schröter <adrian@xxxxxxx>:
On Samstag, 17. Oktober 2015, 12:36:21 CEST wrote Matwey V. Kornilov:
2015-10-17 12:31 GMT+03:00 Bernhard Voelker <mail@xxxxxxxxxxxxxxxxxxx>:
On 10/16/2015 07:20 PM, Matwey V. Kornilov wrote:
What is the recommended way to obtain root privileges when package is
being build?
A unit-test in bedup (btrfs deduplication tool) package needs to mount
image using loop device and this requires sudo.


+1
I've asked this already several times for the coreutils-testsuite which
also has some 'require_root' tests.
There doesn't seem to a be an official way yet, but you can search for
the "root4abuild" package which modifies the sudoers file (rudi_m pointed
that out) ... this is clearly for test purposes only.
But I'd also be interested in "the official way".

Nice, thanks. I think it is right approach.

There is not really an official way.

We do maintain a list of package names which are allowed to get root access
on the server side. But that is more for historic reasons.

The main reason behind this is that the resulting source rpm might be
dangerous. It can modify the system when a user is recompiling it.
So we like to avoid it as much as possible.

Sure, but every source rpm can be dangerous because it is executable
script by essence. rm -rf ~/* is dangerous enough and doesn't not
require root access. You are in safe only if you run rpmbuild in
container.

We may offer a root switch for QA stuff later on once we work on QA
functionality though ...

--

Adrian Schroeter
email: adrian@xxxxxxx

SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB
21284 (AG Nürnberg)

Maxfeldstraße 5
90409 Nürnberg
Germany





--
With best regards,
Matwey V. Kornilov
http://blog.matwey.name
xmpp://0x2207@xxxxxxxxx
--
To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-buildservice+owner@xxxxxxxxxxxx

< Previous Next >
Follow Ups