[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: More pbuilder use!

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Bastian Blank <waldi@debian.org> writes:

> On Tue, Aug 23, 2005 at 05:04:57PM +0100, Roger Leigh wrote:
>> Not a kernel feature, but see
>>   http://packages.debian.org/unstable/admin/schroot
>
> Does not help, each chroot needs to be setup by root and you need root
> priviledges to install packages in it.

You can give root privs to users just inside the chroot.  That's what
root_groups is for in the config file.  The user doesn't need full
root access to the host system (like with plain sbuild, which requires
full sudo privs), though obviously it's still possible to subvert, but
not as simple as with sudo.  Either way, not something for untrusted
users to have access to, but schroot does at least give you a bit more
safety.

Once it has Xen capability, it will give each user their own personal
Xen instance.  This will be created on the fly from e.g. an LVM
snapshot or unionfs, but this can be configurable.


Regards,
Roger

- -- 
Roger Leigh
                Printing on GNU/Linux?  http://gimp-print.sourceforge.net/
                Debian GNU/Linux        http://www.debian.org/
                GPG Public Key: 0x25BFB848.  Please sign and encrypt your mail.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.8 <http://mailcrypt.sourceforge.net/>

iD8DBQFDC4NYVcFcaSW/uEgRAnSAAKCKdscIjxyrTl3cOVOEPX/BdI7GlACgg5xo
pYpCULVsUC42xO0rOqcYmA0=
=ObRb
-----END PGP SIGNATURE-----
Reply to: