Re: chroot(2) and bind mounts as non-root

From: Arnd Bergmann
Date: Thu Dec 08 2011 - 12:05:28 EST

Next message: Ohad Ben-Cohen: "Re: [PATCH 4/7] amp/omap: add a remoteproc driver"
Previous message: Tony Lindgren: "Re: [PATCH 4/7] amp/omap: add a remoteproc driver"
In reply to: Colin Walters: "Re: chroot(2) and bind mounts as non-root"
Next in thread: Colin Walters: "Re: chroot(2) and bind mounts as non-root"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wednesday 07 December 2011, John Stoffel wrote:
> >>>>> "Colin" == Colin Walters <walters@xxxxxxxxxx> writes:
>
> Colin> I've recently been doing some work in software compilation, and it'd be
> Colin> really handy if I could call chroot(2) as a non-root user. The reason
> Colin> to chroot is to help avoid "host contamination" - I can set up a build
> Colin> root and then chroot in. The reason to do it as non-root is, well,
> Colin> requiring root to build software sucks for multiple obvious reasons.
>
> What's wrong with using 'fakeroot' or tools like that instead? Why
> does the Kernel need to be involved like this? I'm not against your
> proposal so much, as trying to understand how compiling a bunch of
> source requires this change.

I think the better question to ask is what is missing from 'schroot', which
is commonly used for exactly this purpose. Is it just about avoing the
suid bit for /usr/bin/schroot or something else?

Arnd
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Ohad Ben-Cohen: "Re: [PATCH 4/7] amp/omap: add a remoteproc driver"
Previous message: Tony Lindgren: "Re: [PATCH 4/7] amp/omap: add a remoteproc driver"
In reply to: Colin Walters: "Re: chroot(2) and bind mounts as non-root"
Next in thread: Colin Walters: "Re: chroot(2) and bind mounts as non-root"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]