Re: chroot(2) and bind mounts as non-root

From: Colin Walters
Date: Thu Dec 08 2011 - 12:15:38 EST


On Thu, 2011-12-08 at 17:04 +0000, Arnd Bergmann wrote:

> I think the better question to ask is what is missing from 'schroot', which
> is commonly used for exactly this purpose. Is it just about avoing the
> suid bit for /usr/bin/schroot or something else?

The trust model for schroot is that it only allows executing code
downloaded from URLs in /etc/schroot/schroot.conf. That means it
requires root for the initial setup to edit that config file, which
disqualifies it from my use case (no part of the compilation should
require root).

In my approach, you can keep the OS tree (/usr/include, /usr/bin/gcc)
owned by the user - there is absolutely no root-owned process running
under any indirect control of the user (except the tiny bit for my new
setuid binary).

Now ultimately to *run* your installed program locally (say you're
hacking on a system daemon like gdm), then clearly you need root. But
nothing before that should. And if you're not running it locally (e.g.
you're cross compiling, running a build server which distributes
binaries to other machines), then there is no root required.


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/