Spec URL: http://fedorapeople.org/~walters/linux-user-chroot.spec
SRPM URL: http://fedorapeople.org/~walters/linux-user-chroot-2012.1-1.fc16.src.rpm
Description: This is a helper program for calling chroot(2) as a non-root user. It should NOT be installed by default; only install this on systems for which local, authenticated denial of service attacks are not a serious concern.
Some concerns were raised about adding a new setuid binary. Basically, my thoughts on this are:

* Conceptually this program doesn't allow a user to purely gain privileges; it's a trade of the ability to execute other setuid binaries for the ability to call chroot() and make bind mounts. So it's not like e.g. NetworkManager where the user formerly couldn't control the network, now they can. By the nature of the tool, it's only designed to *limit* privileges for the child it runs. For example, it allows callers to have no networking stack.
* I believe this binary will not be a part of a privilege escalation chain that's not possible to reach with any other setuid binary installed by default (/bin/mount, /usr/sbin/seunshare) for example.
* We *could* offer a configure option to use PolicyKit but it'd be really invasive... I'd do it if this was blocked getting into Fedora, but the precedents of seunshare and mount exist.
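As an added illustration of the trade described in this comment (not linux-user-chroot's own code), a hypothetical helper that does the privileged setup and then returns irrevocably to the caller's identity; MS_NOSUID/MS_NODEV on the bind mount and PR_SET_NO_NEW_PRIVS are mechanisms assumed here, not stated in the thread:

```c
#define _GNU_SOURCE
#include <grp.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/mount.h>
#include <sys/prctl.h>
#include <sys/types.h>

/* Hypothetical sketch of the model argued above: the setuid helper does the
 * privileged setup, then returns irrevocably to the caller's identity and
 * marks the process so that setuid binaries inside the new root cannot
 * raise privileges again. Assumed mechanisms (not stated on the page):
 * MS_NOSUID/MS_NODEV on the bind mount and PR_SET_NO_NEW_PRIVS. */

/* Privileged part: bind-mount src at dst without setuid/device semantics,
 * then chroot. Needs CAP_SYS_ADMIN and CAP_SYS_CHROOT; returns -1 with
 * errno set otherwise (including ENOENT for paths that do not exist). */
int setup_root(const char *newroot, const char *src, const char *dst) {
    unsigned long flags = MS_BIND | MS_NOSUID | MS_NODEV;
    if (mount(src, dst, NULL, flags, NULL) != 0) return -1;
    /* A fresh bind mount may ignore nosuid/nodev; a remount applies them. */
    if (mount(NULL, dst, NULL, MS_REMOUNT | flags, NULL) != 0) return -1;
    if (chroot(newroot) != 0 || chdir("/") != 0) return -1;
    return 0;
}

/* Unprivileged-safe part: drop to uid/gid and verify the drop took effect.
 * Returns 0 only if real, effective and saved ids all equal the caller's
 * and no-new-privs is set, so a later execve of a setuid file is inert. */
int drop_to_caller(uid_t uid, gid_t gid) {
    uid_t ru, eu, su;
    gid_t rg, eg, sg;
    /* Groups, then gid, then uid: the uid drop removes the right to do the rest. */
    if (geteuid() == 0 && setgroups(0, NULL) != 0) return -1;
    if (setresgid(gid, gid, gid) != 0) return -1;
    if (setresuid(uid, uid, uid) != 0) return -1;
    if (getresuid(&ru, &eu, &su) != 0 || ru != uid || eu != uid || su != uid) return -1;
    if (getresgid(&rg, &eg, &sg) != 0 || rg != gid || eg != gid || sg != gid) return -1;
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    return prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0) == 1 ? 0 : -1;
}

int main(int argc, char **argv) {
    if (argc < 3) { fprintf(stderr, "usage: %s NEWROOT CMD [ARGS...]\n", argv[0]); return 2; }
    if (setup_root(argv[1], argv[1], argv[1]) != 0) { perror("setup_root"); return 1; }
    if (drop_to_caller(getuid(), getgid()) != 0) { perror("drop_to_caller"); return 1; }
    execvp(argv[2], argv + 2);
    perror("execvp"); return 1;
}
```

Run unprivileged, setup_root fails with EPERM while drop_to_caller still succeeds, which is the point: the privilege-reducing half never depends on being root.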
Does this wrapper add new functionality wrt existing schroot(1)? http://pkgs.fedoraproject.org/gitweb/?p=schroot.git

schroot offers non-root users the ability to use chroots that were pre-configured for them by root -- thereby bypassing most of the security concerns.
(In reply to comment #2)
> Does this wrapper add new functionality wrt to existing schroot(1) ?
> http://pkgs.fedoraproject.org/gitweb/?p=schroot.git

Yes,

> schroot offers non-root users the ability to use chroots that
> were pre-configured for them by root -- thereby bypassing
> most of the security concerns.

The operative phrase here is "were pre-configured for them by root". linux-user-chroot requires no such thing.
New spec URL: http://fedorapeople.org/~walters/ostree/linux-user-chroot.spec
New SRPM URL: http://fedorapeople.org/~walters/ostree/linux-user-chroot-2012.2-1.fc17.src.rpm
imho the naming is unwieldy. "uchroot"?

Also no changelog. Which I hope we get to at some point, but I don't think koji or the guidelines are there yet.
(In reply to comment #5)
> imho the naming is unwieldy . "uchroot" ?

Eh... I'm not going to rename it now honestly. The real endgame hopefully is that the kernel allows this by default, and this tool can go away. i.e. one could use the "chroot" and "unshare" binaries that already exist. However, the issue with doing that is resource controls. It's a *really* hard problem. In the meantime, I rely heavily on this tool for doing software builds as non-root on systems where I don't have untrusted users that might want to DoS the machine.

> Also no changelog. Which I hope we get to at some point, but I don't think
> koji or the guidelines are there yet.

I'll add one when the package is approved.
There might be an argument that setuid programs need special FESCO/security consideration before being accepted in the collection, but I think it should apply only to packages that are installed by default in some of the official spins.

I am approving the package given that:
- You'll fix the License: tag which currently says LGPL2v+, the source is GPLv2+
- You'll add a changelog
- You'll fix the Source: line - s/2012.1/2012.2/
- You'll consider removing the rm -rf $RPM_BUILD_ROOT parts which are not needed in fedora or el6

Otherwise the source matches, the package builds in mock and seems to work, doesn't conflict with anything existing.
New Package SCM Request
=======================
Package Name: linux-user-chroot
Short Description: Helper program for calling chroot(2) as non-root
Owners: walters
Branches: f17 f18 el6
InitialCC:
Git done (by process-git-requests).
Thanks!
Package Change Request
======================
Package Name: linux-user-chroot
New Branches: el7
Owners: walters
InitialCC: