On 3 May 2015 06:07:51 CEST, Anders Ingemann <[email protected]> wrote:
>On 3 May 2015 at 04:43, Eirik Schwenke <[email protected]>
>wrote:
>>are any plans to make it more usable as a regular user?
>>
>I don't see how. Mounting loopback devices or any other devices for
>that
>matter, requires root privileges.
>Even if one were to just bootstrap to a directory, you'd still need to
>be
>able to change things in the chroot as uid 0, which you can only do as
>root.
>I am all ears regarding suggestions on how to circumvent that of
>course,
>but AFAIK this is not really possible.
I should have been a little more clear:
1) Is there any interest in making bootstrap-vz more suitable to use as a
regular user? (Clearly yes, if possible)
2) As bootstrap-vz supports many different image/disk/archive-formats - are
things that require root (eg mounting of a loopback device, changing
permissions to uid 0 on a mounted filesystem) currently isolated/factored out?
I might prefer running as few codesections under sudo (even if python asks for
elevated privileges as needed) - rather than just everything as root. I don't
mind (much) trusting bootstrap-vz itself with root, but history shows that zip
etc probably shouldn't be trusted (if it can be helped). Also I'd rather not
grab things from the net as root if I don't have to. (Note to self: apt
probably does this? Or is there an "apt" user?).
3) While it is probably possible in principle to make eg: tgz-based images with
very few privileges - that does not mean it is easy (if we want to run regular
installers or something close to that) - maybe it'd be possible to leverage
fuse for some of this (accessing filesystems on a disk image)?
Changing things to uid 0 in a tar archive obviously does not need root - but a
work around might require way too much code. I see the appeal in building the
fs in a similar manner for multiple targets.
But, writing all this, and thinking about. I think:
a) For bootstrap-vz, possibly wrapping code that needs root in a call-out to
sudo (this should among other things make it easy to log what is done as root
("sudo mount -o loop,uid=x ...") in syslog (in addition to any logging by
bootstrap-vz) should probably be enough.
b) If one really wants to build disk-images as a "normal" user, qemu (w/a
pre-seeded installer) is probably the only sane choice :)
Thanks for the replies, and sorry for the noise: I always get a bit worried
when people expect me to run a large code-base as root. And having played with
getting tls to work properly with python and smtp recently, I'm not thrilled by
letting that stack loose on my filesystem and the Internet as root.
Best regards,
Eirik Schwenke
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
Archive:
https://lists.debian.org/[email protected]
