
Re: assumptions about the build environment.



On Sat, 2012-09-22 at 01:25 +0200, Bernhard R. Link wrote:
> * peter green <plugwash@p10link.net> [120921 21:26]:
> > I just discovered that on my beagleboard XM (under armhf sid) nacl
> > (which previously built on a debian experimental armhf buildd but
> > not a debian unstable armhf buildd) will build if /sys is mounted
> > but will not build if it is not mounted. Can packages assume that
> > /sys will be mounted in the build environment or not?
> 
> I'm quite surprised to see /sys mounted in chroots. Wasn't one
> of the reasons to start /sys and not put the info there in /proc to
> not have to have it available in chroots?

I've never heard that claimed.

> Shouldn't that information about hardware usually be kept away from
> chroots?

Chroots aren't containers.  A chrooted environment can use all CPUs and
all network devices, and programs may expect to find information about
them under sysfs.

If you're concerned about leaking sensitive information to untrusted
processes then procfs is a far, far bigger problem (somewhat mitigated
by hidepid or pid namespaces).

Ben.

-- 
Ben Hutchings
Once a job is fouled up, anything done to improve it makes it worse.



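As an added example, not part of the thread and not code from either poster, here is a POSIX shell script that answers the question being argued over for a concrete build environment: is /sys mounted, is /proc mounted, and does /proc carry the hidepid= option Ben mentions as a mitigation. It parses a mount table in /proc/mounts format; the function names, the report wording and the sample mount table are assumptions constructed for the example (the sample is not captured from any real buildd). Run it inside the chroot, or point it at a saved copy of /proc/self/mounts from the buildd.

```shell
#!/bin/sh
# Added example, not from the original thread: inspect a build
# environment's mount table for /sys and /proc and report the hidepid
# level of /proc.  The table is read from a file path so the same
# functions can be exercised against a constructed sample as well as
# the live /proc/self/mounts.  Function names are assumptions.

# is_mounted TABLE MOUNTPOINT: succeed if MOUNTPOINT is a mount point in TABLE.
is_mounted() {
    awk -v mp="$2" '$2 == mp { found = 1 } END { exit !found }' "$1"
}

# proc_hidepid TABLE: print the hidepid= value of the /proc mount,
# "0" if /proc is mounted without the option, "none" if /proc is absent.
proc_hidepid() {
    awk '
        $2 == "/proc" && $3 == "proc" {
            seen = 1
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++)
                if (opts[i] ~ /^hidepid=/) {
                    sub(/^hidepid=/, "", opts[i]); val = opts[i]
                }
        }
        END {
            if (!seen) print "none"
            else if (val == "") print "0"
            else print val
        }' "$1"
}

# build_env_report TABLE: one line per finding, the way a maintainer
# chasing a "builds here, fails on the buildd" report would want it.
build_env_report() {
    tbl="$1"
    if is_mounted "$tbl" /sys; then
        echo "/sys: mounted (sysfs visible; a build may silently depend on it)"
    else
        echo "/sys: not mounted (anything reading /sys/class or /sys/devices will fail)"
    fi
    level=$(proc_hidepid "$tbl")
    case "$level" in
        none) echo "/proc: not mounted" ;;
        0)    echo "/proc: mounted, hidepid unset (other users' processes and cmdlines visible)" ;;
        *)    echo "/proc: mounted with hidepid=$level" ;;
    esac
}

# Constructed sample (not a real buildd): a chroot with /proc mounted
# hidepid=2 and no /sys, the situation the thread is about.
write_sample_table() {
    cat > "$1" <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime,hidepid=2 0 0
devpts /dev/pts devpts rw,nosuid,noexec,relatime,gid=5,mode=620 0 0
EOF
}

sample=$(mktemp)
write_sample_table "$sample"
echo "== constructed sample chroot =="
build_env_report "$sample"
rm -f "$sample"

if [ -r /proc/self/mounts ]; then
    echo "== this system =="
    build_env_report /proc/self/mounts
fi
```

The check reads the mount table rather than testing for the existence of /sys, because the directory is normally present even when nothing is mounted on it; that is exactly the case where a build that reads sysfs fails only on the buildd.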