Greg A. Woods wrote:

> [ On Sunday, March 25, 2001 at 19:24:06 (+1000), Luke Mewburn wrote: ]
> > Subject: Re: Has anyone tried building -current as non-root from scratch recently?
> >
> > There's work in progress to enable this, both as a non-root user and
> > in a cross-compile environment. The idea is to be able to build a
> > release into a DESTDIR, and build the tar files (or packages) and
> > any filesystems, all as a non root user.
> 
> I thought about this again the other day while cleaning up the makefiles
> that build i386 floppies.  I was about to hack the vnd(4) driver to
> allow anyone with write permission to the device to use it, but I
> realised that that could only make things worse, security-wise.
> 
> I'm now thinking that indeed the best thing would be some change to vnd
> that allowed a non-privileged user to create any filesystem within a
> file image, and to allow that user to set ownerships, permissions, etc.,
> for any file in that filesystem, but to never (in the kernel) heed those
> settings when any access is made to that mounted filesystem (in fact
> maybe only the user who creates the mount will be able to access the
> contents).

This doesn't help cross-compiles.  A better solution is to have a
generic userland tool to build filesystem images so that there are
no kernel dependancies at all.  This is part of the "There's work
in progress..." bit that Luke mentioned.

Simon.
--
Simon Burge                            <simonb@wasabisystems.com>
NetBSD CDs, Support and Service:    http://www.wasabisystems.com/