[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

kernel 2.5.73+, fakeroot, debuild - a small problem



Hey list,

  Running debuild as normal user under the 2.5.73+ kernel results in fakeroot
actually setting the file ownership to root (or any other uid/gid for that
matter). The result is that the parts which don't run under fakeroot - 
e.g. debian/rules won't be able to write to the debian/packagename/ subdirs sometimes. 
It happens only when the filesystem on which the build is taking place is XFS. 
This is due to the restrict_chown sysctl which was present in XFS before but never 
actually implemented. Starting with 2.5.73 XFS does use the setting which works in
the way that allows the owner of the directory to give away its
subdirectories/files to other users. If restrict_chown is enabled then the
old behavior is back, however it defaults to disabled.
  The problem will affect any situation which involves using fakeroot or
other similar packages. I see several solutions to that problem, but none of
them seem perfect:

  1. Warn the users about the above issue and have them always use fakeroot
     explicitly in situations like building a deb. This is the worst
     solution, I think, as it would require all of the debian source
     packages to be modified.

  2. Modify fakeroot to check the kernel version, the type of fs on which it
     is currently working and have it issue a sysctl to enable
     restricted_chown. It looks better than #1 but it might incurr
     performance penalty. OTOH, this solution would be the most painless for
     the users and the most seamless.

  3. Modify debuild or even dpkg-buildpackage to do what fakeroot would do
     in #2. It would be a partial solution since it would affect only the
     deb build process.

  4. Add code to /etc/init.d/ (mountfs.sh or mountall.sh) to perform the
     checks from #2 and enable the restricted chown. This would be the most
     global solution effectively setting a policy for Debian systems. It
     would have the additional effect of maintaining consistency with the
     old behavior and other filesystems.

  5. Influence the XFS/kernel maintainers to change the default value of
     restrict_chown to enabled.

  Comments?

marek

Attachment: pgpZLiTqc0fVv.pgp
Description: PGP signature


Reply to: