[systemd-devel] Compiling in a sandbox

Ozan Çağlayan ozan at pardus.org.tr
Thu Jul 8 23:48:13 PDT 2010


Cuma 09 Temmuz 2010 günü (saat 01:06:03) Lennart Poettering şunları yazmıştı:
> On Thu, 08.07.10 23:51, Ozan Çağlayan (ozan at pardus.org.tr) wrote:
> > None, as it seems that we did not hit that bug. Look I admit that
> > doing things on behalf of the root user is bad, is evil, is not
> > recommended. But okay it is under my responsibility, isn't it? (BTW
> > that bug wouldn't cause me harm as we're using a sandbox.)
> 
> Just out of curiosity, what kind of "sandbox" is this? I mean, it
> appears a bit strange to me to do sandboxing by running things as
> root. Is that a simple chroot?

It's a ptrace based sandbox which intercepts system calls and avoids accesses 
outside of the directory (under /var) where the packages are compiled and 
installed.

---
Ozan Çağlayan
TUBITAK/UEKAE - Pardus Linux
http://www.pardus.org.tr/eng


More information about the systemd-devel mailing list