[Piuparts-devel] Bug#710860: we can+should do something about this

Andreas Beckmann anbe at debian.org
Mon Jun 3 11:29:09 UTC 2013


On 2013-06-03 13:03, Holger Levsen wrote:
> well, there are certain known bind mounts (eg /dev, /home or /var/cache/apt) 
> which we know we absolutely don't want and error+exit if we find those.

+1
+ /tmp (piuparts uses /tmp/scripts and maybe more)

and /, /usr, /etc, ... where to stop?

while it may appear tempting, we shouldn't make these prefix patterns
(while we might want to forbid /home/$LOGNAME, we should allow
/home/$LOGNAME/work/debian/foo/scratch-repo4)

> Or we can always exit when we find bind mounts which we didn't explicitly 
> allow.

NACK. Would break --bindmounts /tmp/repo --testdebs-repo /tmp/repo
Or maybe good idea. What would you whitelist?


Andreas
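
The exact-match (not prefix) check discussed in this message, as an added example that is not part of the original mail and not piuparts code. The function names and the contents of the `FORBIDDEN` set are assumptions built from the paths named in the thread.

```python
import os

# Paths named in the thread as ones that must not be bind-mounted.
# This set is an assumption for illustration, not piuparts' own list.
FORBIDDEN = {"/", "/dev", "/etc", "/home", "/tmp", "/usr", "/var/cache/apt"}


def normalize(path):
    """Lexically normalize an absolute path (no filesystem access)."""
    if not os.path.isabs(path):
        raise ValueError("bind mount path must be absolute: %r" % path)
    norm = os.path.normpath(path)
    # POSIX normpath keeps exactly two leading slashes ("//home"); collapse them.
    if norm.startswith("//"):
        norm = norm[1:]
    return norm


def forbidden_paths(logname=None):
    """Exact paths to refuse, plus the invoking user's home directory."""
    paths = set(FORBIDDEN)
    if logname:
        paths.add(normalize(os.path.join("/home", logname)))
    return paths


def rejected_bindmounts(bindmounts, logname=None):
    """Return (given, normalized) pairs that hit the denylist exactly.

    Matching is on the whole normalized path, never on a prefix, so a
    directory below a forbidden one is still allowed.
    """
    deny = forbidden_paths(logname)
    hits = []
    for given in bindmounts:
        norm = normalize(given)
        if norm in deny:
            hits.append((given, norm))
    return hits


if __name__ == "__main__":
    # Constructed sample input.
    sample = ["/tmp/repo", "/home/user/", "/tmp/../dev",
              "/home/user/work/debian/foo/scratch-repo4"]
    for given, norm in rejected_bindmounts(sample, logname="user"):
        print("refusing bind mount %s (resolves to %s)" % (given, norm))
```

Normalization here is lexical only; a path that reaches a forbidden directory through a symlink would need `os.path.realpath` on the host before the comparison.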


