[systemd-devel] Compiling in a sandbox

Lennart Poettering lennart at poettering.net
Thu Jul 8 15:02:13 PDT 2010


On Thu, 08.07.10 23:26, Ozan Çağlayan (ozan at pardus.org.tr) wrote:

> On 08.07.2010 22:57, Lennart Poettering wrote:
> > On Thu, 08.07.10 19:11, Ozan Çağlayan (ozan at pardus.org.tr) wrote:
> 
> >>
> >> Note that this is built as root too.
> > 
> > Don't build this as root, please.
> > 
> > Lennart
> > 
> 
> But hey I know that it's not good, preferable, safe to build packages
> as root *but* that's what we have been doing as a distribution for 5
> years. We know that we have to fix this but really what is the thing
> that prevents me from building systemd as root? Do we really need to mount
> the cgroup stuff over /? You previously said that this will go away
> with the released tarballs. If it's something like a check that what
> kind of cgroup facilities are available, can't that be mounted under a
> given mount point or under /tmpfs?

Well, there's a bit of a chicken and egg problem: we need the API file
systems (/sys, /dev, yadda yadda) to figure out the mode we are running
in, and so we mount them. And then when we have figured out the mode we are
running in we notice that we have been invoked solely to dump the
introspection data and then do this. That is executed as part of the
build process to get introspection data to install in the D-Bus
introspection repository.

I was originally thinking of simply shipping these introspection files
with the tarballs, and not rebuilding them in your case, but I am not
really sure how to do this best, since I don't want to use the
maintainer mode stuff to figure out whether to build those files or
not. In contrast to the XSLT stuff (where we ship pre-built man pages)
we cannot bind this logic to whether we find the generating tool (xsltproc
in the case of the man pages) or not -- since the generating tool is
systemd itself.

A conceivable alternative would be if we could extract this information
directly from the ELF file, without having to execute it. That would
probably be useful when cross-building systemd. But I am not aware of
any somewhat standard tool to extract data fields from ELF
files. Anyone?

> And I don't really get the logic of creating a folder in / and
> mounting something under it if I am root and not doing that if I am
> not. Is systemd trying to mount /cgroup because he thinks that being
> run as root means that he'll really be doing its real stuff? If yes,
> is it too difficult to add a parameter like --dry-run which won't
> forcibly mount that /cgroup thing? This way the build system can pass
> --dry-run to avoid violating the sandbox.

Well, there's the chicken and egg problem again: we parse our own cmdline
only after having parsed the kernel cmdline which we need the API file
systems for. And hence it is too late then to know that we shouldn't
have mounted the API file systems in the first place.

But anyway, I have now added an env var for you. Simply set
$SYSTEMD_SKIP_API_MOUNTS and systemd won't try to mount them.

Lennart

-- 
Lennart Poettering - Red Hat, Inc.
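The message above asks whether the introspection data could be pulled straight out of the ELF file without executing it. The following is an added example, not code from this thread or from the systemd project: a small Python reader that walks the ELF section header table and returns a section's bytes by name, paired with a constructed minimal ELF64 image that carries a hypothetical `.introspect` section holding a placeholder XML payload. The section name, the payload and the `build_sample_elf` helper are assumptions made for illustration; systemd does not ship such a section in this thread. The parser handles both ELF32 and ELF64 and both byte orders, and bounds-checks every offset it reads, because a build-time tool of this kind consumes a file it did not produce and must not index past the end of a truncated or malformed input.

```python
import struct

# Constructed placeholder payload standing in for D-Bus introspection XML.
SAMPLE_INTROSPECTION = b'<node><interface name="org.example.Placeholder"/></node>\n'

ELF_MAGIC = b"\x7fELF"
SHT_NOBITS = 8           # section occupies no bytes in the file


def build_sample_elf(payload: bytes, section_name: bytes = b".introspect") -> bytes:
    """Construct a minimal little-endian ELF64 relocatable image (assumption: a
    real binary would carry many more sections) with three sections:
    [0] the mandatory null section, [1] `section_name` holding `payload`,
    [2] .shstrtab holding the section names."""
    shstrtab = b"\0" + section_name + b"\0" + b".shstrtab\0"
    name_off = 1                              # index of section_name in shstrtab
    shstr_off = 1 + len(section_name) + 1     # index of ".shstrtab" in shstrtab
    ehdr_size = 64
    payload_off = ehdr_size
    shstrtab_off = payload_off + len(payload)
    shoff = shstrtab_off + len(shstrtab)
    shoff += (-shoff) % 8                     # 8-byte align the section header table
    e_ident = ELF_MAGIC + bytes([2, 1, 1, 0]) + b"\0" * 8   # ELFCLASS64, LSB, version 1
    # e_type=ET_REL(1), e_machine=x86-64(62), no program headers, 3 section headers
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", e_ident, 1, 62, 1, 0, 0, shoff, 0,
                       ehdr_size, 0, 0, 64, 3, 2)

    def shdr(name, sh_type, off, size):
        # sh_name, sh_type, sh_flags, sh_addr, sh_offset, sh_size, sh_link, sh_info, addralign, entsize
        return struct.pack("<IIQQQQIIQQ", name, sh_type, 0, 0, off, size, 0, 0, 1, 0)

    body = ehdr + payload + shstrtab
    body += b"\0" * (shoff - len(body))
    body += shdr(0, 0, 0, 0)                                        # SHT_NULL
    body += shdr(name_off, 1, payload_off, len(payload))            # SHT_PROGBITS
    body += shdr(shstr_off, 3, shstrtab_off, len(shstrtab))         # SHT_STRTAB
    return body


def elf_sections(data: bytes) -> dict:
    """Return {section_name: bytes} for an ELF image without executing it.
    Every offset taken from the file is checked against len(data) first."""
    if len(data) < 16 or data[:4] != ELF_MAGIC:
        raise ValueError("not an ELF file")
    ei_class, ei_data = data[4], data[5]
    endian = {1: "<", 2: ">"}.get(ei_data)
    if endian is None:
        raise ValueError("unknown ELF data encoding")
    if ei_class == 2:      # ELFCLASS64
        hdr_fmt, shdr_fmt = endian + "16sHHIQQQIHHHHHH", endian + "IIQQQQIIQQ"
    elif ei_class == 1:    # ELFCLASS32
        hdr_fmt, shdr_fmt = endian + "16sHHIIIIIHHHHHH", endian + "IIIIIIIIII"
    else:
        raise ValueError("unknown ELF class")
    if len(data) < struct.calcsize(hdr_fmt):
        raise ValueError("truncated ELF header")
    fields = struct.unpack_from(hdr_fmt, data, 0)
    shoff, shentsize, shnum, shstrndx = fields[6], fields[11], fields[12], fields[13]
    if shnum == 0:
        return {}
    if shentsize != struct.calcsize(shdr_fmt):
        raise ValueError("unexpected section header size")
    if shoff + shnum * shentsize > len(data):
        raise ValueError("section header table out of bounds")
    if shstrndx >= shnum:
        raise ValueError("bad section name string table index")
    headers = [struct.unpack_from(shdr_fmt, data, shoff + i * shentsize)
               for i in range(shnum)]

    def section_bytes(h):
        sh_type, off, size = h[1], h[4], h[5]
        if sh_type == SHT_NOBITS:
            return b""
        if off + size > len(data):
            raise ValueError("section extends past end of file")
        return data[off:off + size]

    strtab = section_bytes(headers[shstrndx])
    out = {}
    for h in headers:
        name_off = h[0]
        if name_off >= len(strtab):
            raise ValueError("section name offset out of range")
        nul = strtab.find(b"\0", name_off)
        name = strtab[name_off:nul if nul != -1 else None].decode("ascii", "replace")
        out[name] = section_bytes(h)
    return out


def extract_section(data: bytes, name: str):
    """Bytes of the named section, or None if the image has no such section."""
    return elf_sections(data).get(name)


if __name__ == "__main__":
    image = build_sample_elf(SAMPLE_INTROSPECTION)
    print(sorted(elf_sections(image)))
    print(extract_section(image, ".introspect").decode())
```

`extract_section` is the piece a build rule would call in place of running the freshly built binary; the same reader rejects a truncated image with `ValueError` rather than slicing past its end, which is the failure mode worth testing when the input is a cross-compiled object you cannot run to sanity-check.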

