Source: mini-buildd
Version: 1.0.7
Severity: wishlist

Hi,

mini-buildd tries bind-mounting /var/lib/mini-buildd/var into the chroot. This exposes /var/lib/mini-buildd/var/chroots to the build process, which might put the other chroots at risk as well. Is that really necessary?

Wouldn't it be better to have /var/lib/mini-buildd/var/spool bind-mounted, have the chroot have its own //var/lib/mini-buildd/var/tmp, and to move the logs out of /spool after the chroot has finished working?

Greetings
Marc

-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.2.3-zgws1 (SMP w/6 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
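The check below is an added example, not part of the original report and not mini-buildd code: it audits a chroot's bind-mount list for entries that make the chroots directory visible to the build, comparing the layout described in the report with the narrower one it proposes. It assumes the bind mounts are listed in fstab(5) syntax; both sample tables are constructed, and the function names are hypothetical.

```python
import posixpath

# Constructed sample tables in fstab(5) syntax; not taken from mini-buildd.
CURRENT_FSTAB = """\
# <source> <target> <type> <options> <dump> <pass>
/proc  /proc  none  rw,bind  0 0
/var/lib/mini-buildd/var  /var/lib/mini-buildd/var  none  rw,bind  0 0
"""

PROPOSED_FSTAB = """\
/proc  /proc  none  rw,bind  0 0
/var/lib/mini-buildd/var/spool  /var/lib/mini-buildd/var/spool  none  rw,bind  0 0
"""

CHROOTS_DIR = "/var/lib/mini-buildd/var/chroots"


def bind_mounts(fstab_text):
    """Yield (source, target) for every bind or rbind entry."""
    for line in fstab_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments and blank lines
        if len(fields) < 4:
            continue
        options = fields[3].split(",")
        if "bind" in options or "rbind" in options:
            yield posixpath.normpath(fields[0]), posixpath.normpath(fields[1])


def is_within(path, root):
    """True if path equals root or lies below it (component-wise, not by prefix)."""
    return (path.rstrip("/") + "/").startswith(root.rstrip("/") + "/")


def exposures(fstab_text, protected):
    """Return [(bind source, path inside the chroot)] for binds revealing protected."""
    protected = posixpath.normpath(protected)
    found = []
    for source, target in bind_mounts(fstab_text):
        if is_within(protected, source):
            # A parent of the protected directory is bound: all of it is visible.
            rel = posixpath.relpath(protected, source)
            found.append((source, posixpath.normpath(posixpath.join(target, rel))))
        elif is_within(source, protected):
            # A subdirectory of the protected directory is bound: partial exposure.
            found.append((source, target))
    return found
```
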

