Subject: Re: Has anyone tried building -current as non-root from scratch recently?
To: NetBSD-current Discussion List <current-users@NetBSD.ORG>
From: Simon Burge <email@example.com>
Date: 03/26/2001 11:37:44
Greg A. Woods wrote:
> [ On Sunday, March 25, 2001 at 19:24:06 (+1000), Luke Mewburn wrote: ]
> > Subject: Re: Has anyone tried building -current as non-root from scratch recently?
> > There's work in progress to enable this, both as a non-root user and
> > in a cross-compile environment. The idea is to be able to build a
> > release into a DESTDIR, and build the tar files (or packages) and
> > any filesystems, all as a non root user.
> I thought about this again the other day while cleaning up the makefiles
> that build i386 floppies. I was about to hack the vnd(4) driver to
> allow anyone with write permission to the device to use it, but I
> realised that that could only make things worse, security-wise.
> I'm now thinking that indeed the best thing would be some change to vnd
> that allowed a non-privileged user to create any filesystem within a
> file image, and to allow that user to set ownerships, permissions, etc.,
> for any file in that filesystem, but to never (in the kernel) heed those
> settings when any access is made to that mounted filesystem (in fact
> maybe only the user who creates the mount will be able to access the
This doesn't help cross-compiles. A better solution is to have a
generic userland tool to build filesystem images so that there are
no kernel dependancies at all. This is part of the "There's work
in progress..." bit that Luke mentioned.
Simon Burge <firstname.lastname@example.org>
NetBSD CDs, Support and Service: http://www.wasabisystems.com/