On Wed, Oct 09, 2019 at 05:51:53PM +0200, Ansgar Burchardt wrote:
> While checking the upgrade checklist I noticed this new requirement:
>
> +---
> | 4.9
> | Required targets must not write outside of the unpacked source
> | package tree, except for TMPDIR, /tmp and /var/tmp.
> +---
>
> The wording is a bit too strict and should be relaxed. There are
> other paths that should be fine to be written to during the build
> process, for example /dev/shm, /run/lock[1], or possibly anything
> below /proc/<pid> for processes spawned by the build process.

Why do you think package builds should be allowed to use /run/lock? It
records system state.

The use of /dev/shm is an implementation detail of the shm
implementation in libc. I don't think using the shm stuff counts as
writing. If you take the strict approach, then writing to stdout and
stderr would be forbidden as well.

Regards,
Bastian

-- 
Ahead warp factor one, Mr. Sulu.