On Sat, 2012-09-22 at 01:25 +0200, Bernhard R. Link wrote:
> * peter green <plugwash@p10link.net> [120921 21:26]:
> > I just discovered that on my beagleboard XM (under armhf sid) nacl
> > (which previously built on a debian experimental armhf buildd but
> > not a debian unstable armhf buildd) will build if /sys is mounted
> > but will not build if it is not mounted. Can packages assume that
> > /sys will be mounted in the build environment or not?
>
> I'm quite surprised to see /sys to be mounted in chroots. Wasn't one
> of the reasons to start /sys and not put the info there in /proc to
> not have to have it available in chroots?

I've never heard that claimed.

> Shouldn't that information about hardware usually be kept away from
> chroots?

Chroots aren't containers. A chrooted environment can use all CPUs and all network devices, and programs may expect to find information about them under sysfs.

If you're concerned about leaking sensitive information to untrusted processes then procfs is a far, far bigger problem (somewhat mitigated by hidepid or pid namespaces).

Ben.

-- 
Ben Hutchings
Once a job is fouled up, anything done to improve it makes it worse.
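A check for the two things this thread turns on, as an added example that is not part of the original messages: whether sysfs and procfs are mounted under a given root, and whether that procfs mount carries a hidepid option. The function names, the sample mount table and the chroot path `/srv/chroot/sid` are constructed for illustration.

```shell
#!/bin/sh
# Report whether sysfs and procfs are mounted under a given root, and which
# hidepid option that procfs mount carries, from a /proc/mounts-format file.
# Usage: check_mounts [FILE] [ROOT]   (defaults: /proc/mounts, host root)
check_mounts() {
    mounts_file=${1:-/proc/mounts}
    root=${2:-}
    sysfs=missing; proc=missing; hidepid=unset
    # Fields per line: device mountpoint fstype options dump pass
    while read -r _dev mnt fstype opts _rest; do
        case "$fstype:$mnt" in
            "sysfs:$root/sys") sysfs=mounted ;;
            "proc:$root/proc")
                proc=mounted; hidepid=unset
                old_ifs=$IFS; IFS=,
                for o in $opts; do
                    case $o in hidepid=*) hidepid=${o#hidepid=} ;; esac
                done
                IFS=$old_ifs ;;
        esac
    done < "$mounts_file"
    echo "sysfs=$sysfs proc=$proc hidepid=$hidepid"
}

# Constructed sample: a host with hidepid=2 on /proc and a build chroot
# (hypothetical path) that has /proc mounted but no /sys.
write_sample_mounts() {
    cat > "$1" <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime,hidepid=2 0 0
sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0
proc /srv/chroot/sid/proc proc rw,nosuid,nodev,noexec,relatime,hidepid=2 0 0
EOF
}

sample=$(mktemp)
write_sample_mounts "$sample"
check_mounts "$sample"                   # the host
check_mounts "$sample" /srv/chroot/sid   # the build chroot
rm -f "$sample"
```

Run with no arguments inside a build environment, `check_mounts` reads the live `/proc/mounts` and shows whether a package that needs `/sys` would find it there.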