[Piuparts-devel] Bug#710860: we can+should do something about this
Andreas Beckmann
anbe at debian.org
Mon Jun 3 11:29:09 UTC 2013
On 2013-06-03 13:03, Holger Levsen wrote:
> well, there are certain known bind mounts (eg /dev, /home or /var/cache/apt)
> which we know we absolutely don't want and error+exit if we find those.
+1
+ /tmp (piuparts uses /tmp/scripts and maybe more)
and /, /usr, /etc, ... where to stop?
while it may appear tempting, we shouldn't make these prefix patterns
(while we might want to forbid /home/$LOGNAME, we should allow
/home/$LOGNAME/work/debian/foo/scratch-repo4)
> Or we can always exit when we find bind mounts which we didn't explicitly
> allow.
NACK. Would break --bindmounts /tmp/repo --testdebs-repo /tmp/repo
Or maybe good idea. What would you whitelist?
Andreas
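
The exact-match versus prefix distinction discussed in this message, as an added example that is not part of the original mail or of piuparts' own code. The function names, the contents of the deny set (taken from the paths named in the thread) and the user name "alice" are assumptions.

```python
import posixpath


def forbidden_bindmounts(logname):
    # Hypothetical deny set built from the paths named in the thread.
    return {"/", "/dev", "/home", "/var/cache/apt", "/tmp", "/usr", "/etc",
            posixpath.join("/home", logname)}


def normalize(path):
    # Lexical normalization only: collapses "//", ".", ".." and trailing
    # slashes so "/tmp/", "//tmp" and "/usr/../tmp" all compare as "/tmp".
    # Symlinks are not resolved here; a check on a live system would also
    # need realpath (assumption, not shown).
    if not path.startswith("/"):
        raise ValueError("bind mount path must be absolute: %r" % path)
    # posixpath.normpath keeps a leading "//", so strip extra slashes first.
    return posixpath.normpath("/" + path.lstrip("/"))


def check_bindmounts(requested, logname):
    """Exact-match check. Returns (allowed, rejected) normalized paths."""
    deny = forbidden_bindmounts(logname)
    allowed, rejected = [], []
    for raw in requested:
        path = normalize(raw)
        (rejected if path in deny else allowed).append(path)
    return allowed, rejected


def prefix_would_reject(raw, logname):
    """The prefix-pattern variant, for contrast: rejects any path at or
    below a denied directory, including legitimate scratch repositories."""
    path = normalize(raw)
    return any(path == d or path.startswith(d.rstrip("/") + "/")
               for d in forbidden_bindmounts(logname))


if __name__ == "__main__":
    # Constructed sample input.
    sample = ["/tmp/repo", "/home/alice/", "//tmp", "/tmp/../etc",
              "/home/alice/work/debian/foo/scratch-repo4"]
    allowed, rejected = check_bindmounts(sample, "alice")
    print("allowed: ", allowed)
    print("rejected:", rejected)
    print("prefix rule rejects /tmp/repo:",
          prefix_would_reject("/tmp/repo", "alice"))
```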