Re: [BuildStream] Sandboxing backends and platforms: Drop chroot in favor of buildbox-run



Hi,

I'd like to encourage users on non-Linux platforms to test and
contribute documentation on how to set up BuildStream with buildbox-run.

As a note for anyone attempting this, since there is no real
documentation yet, we have a docker image configuration in [1] that
describes the installation process, and we have invocations in our test
suite in [2] that show how this can be used.

In essence, a directory with permissions set according to the userchroot
project's scheme [3] must be set up, and configured as a possible root
directory in /etc/userchroot.conf. buildbox-run-userchroot must then be
setuid'd to the user who has permissions to use that userchroot root
directory. It's not exactly as nice as user namespaces, but should be
safer than the old chroot sandbox.

Maybe I'll have some time over Christmas to get some real documentation
for this in, too ;)

On that note, I'd really like to deprecate the old chroot sandbox, for
all the reasons you mention, Jürg. It was always just a crutch for
someone who really needed to do cross-platform builds to start with.

Tristan

[1]: https://gitlab.com/BuildStream/buildstream-docker-images/blob/master/templates/testsuite_images.yml#L62
[2]: https://gitlab.com/BuildStream/buildstream/blob/bb93d63fd9a081eef14c20bec818d60084d065c3/.gitlab-ci.yml#L127
[3]: https://github.com/bloomberg/userchroot
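
An added example, not part of the message above and not code from BuildStream, buildbox or userchroot: a small audit of the two conditions the message describes (the root directory is configured in userchroot.conf, and the runner binary is setuid to a user allowed to use that root). The `user:path` line format, the function names and the sample values are assumptions made for illustration.

```python
import os
import pwd
import stat


def parse_conf(text):
    """Parse userchroot.conf text into (user, path) pairs.

    Assumption: one 'user:path' entry per line; blank lines and
    lines starting with '#' are ignored."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        user, sep, path = line.partition(":")
        if sep and user.strip() and path.strip():
            entries.append((user.strip(), os.path.normpath(path.strip())))
    return entries


def audit(conf_text, root_dir, runner_mode, runner_owner):
    """Return a list of findings; an empty list means the checks pass."""
    findings = []
    root_dir = os.path.normpath(root_dir)
    allowed = {u for u, p in parse_conf(conf_text) if p == root_dir}
    if not allowed:
        findings.append("root directory is not listed in userchroot.conf")
    if not runner_mode & stat.S_ISUID:
        findings.append("runner is not setuid")
    if runner_mode & (stat.S_IWGRP | stat.S_IWOTH):
        # A setuid binary that others can rewrite hands out its owner's rights.
        findings.append("runner is writable by group or others")
    if allowed and runner_owner not in allowed:
        findings.append("runner owner %r may not use this root" % runner_owner)
    return findings


def audit_paths(conf_path, root_dir, runner_path):
    """Run the same checks against the live filesystem."""
    st = os.stat(runner_path)
    owner = pwd.getpwuid(st.st_uid).pw_name
    with open(conf_path) as fh:
        return audit(fh.read(), root_dir, st.st_mode, owner)


# Constructed sample values, not taken from the thread.
SAMPLE_CONF = "# constructed example\nbuilder:/srv/roots\n"

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF, "/srv/roots", 0o104755, "builder") or ["ok"]:
        print(finding)
```

This does not check the directory permission scheme itself, which is defined by the userchroot project in [3].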
