
Re: bootstrap-vz switching to single branch strategy



On 5 May 2015 at 17:34, Eirik Schwenke <debian-lists@s.hypertekst.net> wrote:
On 3 May 2015 06:07:51 CEST, Anders Ingemann <anders@ingemann.de> wrote:
>On 3 May 2015 at 04:43, Eirik Schwenke <debian-lists@s.hypertekst.net> wrote:
>>are any plans to make it more usable as a regular user?
>>
>I don't see how. Mounting loopback devices or any other devices for that
>matter, requires root privileges.
>Even if one were to just bootstrap to a directory, you'd still need to be
>able to change things in the chroot as uid 0, which you can only do as
>root.
>I am all ears regarding suggestions on how to circumvent that of course,
>but AFAIK this is not really possible.

I should have been a little more clear:

1) Is there any interest in making bootstrap-vz more suitable to use as a regular user? (Clearly yes, if possible)

2) As bootstrap-vz supports many different image/disk/archive-formats - are things that require root (eg mounting of a loopback device, changing permissions to uid 0 on a mounted filesystem) currently isolated/factored out?

I might prefer running as few code sections under sudo (even if Python asks for elevated privileges as needed) - rather than just everything as root. I don't mind (much) trusting bootstrap-vz itself with root, but history shows that zip etc probably shouldn't be trusted (if it can be helped). Also I'd rather not grab things from the net as root if I don't have to. (Note to self: apt probably does this? Or is there an "apt" user?).

3) While it is probably possible in principle to make eg: tgz-based images with very few privileges - that does not mean it is easy (if we want to run regular installers or something close to that) - maybe it'd be possible to leverage fuse for some of this (accessing filesystems on a disk image)?

Changing things to uid 0 in a tar archive obviously does not need root - but a workaround might require way too much code. I see the appeal in building the fs in a similar manner for multiple targets.


But, writing all this, and thinking about it, I think:

a) For bootstrap-vz, possibly wrapping code that needs root in a call-out to sudo (this should among other things make it easy to log what is done as root ("sudo mount -o loop,uid=x ...") in syslog (in addition to any logging by bootstrap-vz)) should probably be enough.

b) If one really wants to build disk-images as a "normal" user, qemu (w/a pre-seeded installer) is probably the only sane choice :)

Thanks for the replies, and sorry for the noise: I always get a bit worried when people expect me to run a large code-base as root. And having played with getting TLS to work properly with Python and SMTP recently, I'm not thrilled by letting that stack loose on my filesystem and the Internet as root.


Best regards,

Eirik Schwenke




Hello

> Is there any interest in making bootstrap-vz more suitable to use as a regular user? (Clearly yes, if possible)
I am not quite sure I follow. bootstrap-vz is made for sysadmins who have some fair knowledge of how Debian works, could you explain what you mean by regular user?

> I might prefer running as few code sections under sudo
Funny you should say that. About 6 months ago I was thinking about the same thing. The best way to do this would be to launch bootstrap-vz as root, but immediately suid to some other user and then only go back when needed. I think using sudo directly might become a little messy and non-pythonic.

Anders
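
The drop-then-regain pattern described in the reply above, as an added example that is not part of the original message and is not bootstrap-vz code: the process starts as root, lowers its effective uid, and raises it again only inside labelled blocks, which also gives a record of what ran as root. `PrivilegeManager`, `elevated()` and the use of uid/gid 65534 for an unprivileged account are assumptions made for the illustration.

```python
import os
from contextlib import contextmanager

class PrivilegeManager:
    """Hypothetical helper: start as root, run with an unprivileged effective
    uid, and regain root only inside `elevated()` blocks."""

    def __init__(self, uid, gid):
        self.uid, self.gid = uid, gid
        # Remember the privileged ids we were started with.
        self.priv_uid, self.priv_gid = os.geteuid(), os.getegid()
        self.log = []  # audit trail: (label, euid while elevated)

    def drop(self):
        # Clear root's supplementary groups only when really leaving root.
        if self.priv_uid == 0 and self.uid != 0:
            os.setgroups([])
        os.setegid(self.gid)   # group first, while we may still change it
        os.seteuid(self.uid)

    @contextmanager
    def elevated(self, label):
        os.seteuid(self.priv_uid)   # allowed: saved set-user-ID is still ours
        os.setegid(self.priv_gid)
        self.log.append((label, os.geteuid()))
        try:
            yield
        finally:                    # drop again even if the step raised
            os.setegid(self.gid)
            os.seteuid(self.uid)

# Caveat: seteuid() keeps root in the saved set-user-ID, so any code in this
# process can call seteuid(0) again. This limits accidents and narrows what
# runs as root; it does not contain a compromised interpreter.

if __name__ == "__main__":
    # Assumption: uid/gid 65534 is the unprivileged "nobody" account.
    root = os.geteuid() == 0
    pm = PrivilegeManager(65534 if root else os.geteuid(),
                          65534 if root else os.getegid())
    pm.drop()
    print("downloading/unpacking as euid", os.geteuid())
    with pm.elevated("mount loop device"):
        print("privileged step as euid", os.geteuid())
    print("back to euid", os.geteuid(), "log:", pm.log)
```

Where the untrusted steps (archive tools, network fetches) must not be able to regain root at all, they belong in a child process that drops privileges permanently instead of sharing a process with the saved root uid.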
