Added native utilities to mount/umount/chroot via capabilities(7).
Three new helpers will now be installed into ${libexecdir}:
- xbps-src-capchroot needs to have set CAP_SYS_CHROOT ep.
- xbps-src-chroot-cap{,u}mount: needs to have set CAP_SYS_ADMIN ep.
That means that libcap and setcap(8) are now required to install
xbps-src and use it as normal user.
--HG--
extra : convert_revision : 586d6526079e085f86bf3e393459d429f6f0ef99
This commit is contained in:
Juan RP
parent
6673252679
commit
e3dc3e3066
9 changed files with 293 additions and 34 deletions
|
|
@ -44,19 +44,10 @@ XBPS_COMPRESS_CMD=xz
|
|||
#XBPS_PREFER_BINPKG_DEPS=yes
|
||||
|
||||
#
|
||||
# Build packages with your unprivileged user in the chroot
|
||||
# via capchroot. The only required steps with privileges are
|
||||
# the bind mounts, a helper script (xbps-src-chroot-helper) needs
|
||||
# to be run with sudo for this task.
|
||||
# Build packages with your unprivileged user in the chroot thanks
|
||||
# to POSIX.1e Capabilities as explained in capabilities(7) on GNU/Linux.
|
||||
#
|
||||
# fakeroot is only used for the installation stage via the helper
|
||||
# script xbps-src-doinst-helper.
|
||||
#
|
||||
# capchroot allows ordinary users to use the chroot(2) syscall.
|
||||
# To make this work, uncomment this option and run the following
|
||||
# commands (as root):
|
||||
#
|
||||
# $ setcap cap_sys_chroot=ep /usr/bin/capchroot
|
||||
# $ echo "/path/to/masterdir $(whoami)" >> /etc/capchroot.allow
|
||||
#
|
||||
#XBPS_USE_CAPCHROOT=yes
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue