[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#54786: Installation tests are failing
|
From: |
Maxim Cournoyer |
|
Subject: |
bug#54786: Installation tests are failing |
|
Date: |
Sat, 11 Jun 2022 00:18:16 -0400 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/28.1 (gnu/linux) |
Hi Ludo,
Ludovic Courtès <ludo@gnu.org> writes:
[...]
>> When using 'make-forkexec-constructor/container', the clone(2) call
>> happens before switching user, thus as 'root' in Shepherd, which
>> explains why it works.
>
> Damnit, that’s right. For example the result of:
>
> (lower-object (least-authority-wrapper (file-append coreutils "/bin/uname")
> #:namespaces (delq 'user
> %namespaces)))
>
> won’t run as an unprivileged user:
[...]
> I think we would add #:user and #:group to ‘least-authority-wrapper’ and
> have it call setuid/setgid. ‘make-forkexec-constructor’ doesn’t need to
> be modified, but the user simply won’t pass #:user and #:group to it.
OK! I'll adjust the jami-service-type when we get around to implement
the above; for now I've pushed my proposed fix which still uses
'make-forkexec-constructor/container' as
85b4dabd94d53f8179f31a42046cd83fc3a352fc.
Thanks,
Maxim
- bug#54786: Installation tests are failing, Ludovic Courtès, 2022/06/01
- bug#54786: Installation tests are failing, Maxim Cournoyer, 2022/06/01
- bug#54786: Installation tests are failing, Ludovic Courtès, 2022/06/02
- bug#54786: Installation tests are failing, Maxim Cournoyer, 2022/06/02
- bug#54786: Installation tests are failing, Ludovic Courtès, 2022/06/02
- bug#54786: Installation tests are failing, Maxim Cournoyer, 2022/06/04
- bug#54786: Installation tests are failing, Ludovic Courtès, 2022/06/07
- bug#54786: Installation tests are failing, bokr, 2022/06/07
- bug#54786: Installation tests are failing,
Maxim Cournoyer <=