On Sun, Feb 01, 2009 at 10:04:09PM -0600, Clark Williams wrote:
> > Hrm, this is kind of scary, mock is trying to prevent this action? The
> > weird thing is that an error is reported that the action was not
> > allowed, yet the end result is that the file is indeed copied. So if
> > we're trying to prevent it, we're not doing a good job.
> >
>
> I tried it on my laptop and the copy didn't happen. Not sure what's
> going on there.
>
> I went back and looked at the commit where I added the copyin/copyout
> options and the uidManager.dropPrivsForever() has always been there.
> I'm considering dropping it for --copyin (where we modify the chroot)
> but not for --copyout (where we modify the actual filesystem).
>
> What do you guys think?

Well, until we come up with a "real" security policy for mock, the above
suggestion sounds reasonable.
--
Michael