Re: [tor-bugs] #18127 [Tor Browser]: Add LXC support for building with Debian guest VMs
#18127: Add LXC support for building with Debian guest VMs
----------------------------------------------+--------------------------
Reporter: gk | Owner: boklm
Type: enhancement | Status: assigned
Priority: High | Milestone:
Component: Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: tbb-gitian, TorBrowserTeam201603 | Actual Points:
Parent ID: | Points:
Sponsor: |
----------------------------------------------+--------------------------
Comment (by boklm):
Replying to [comment:13 boklm]:
>
> In tor-browser-builder-3, sudo was used to call vmbuilder. In the new
> version the same thing is done without vmbuilder, but with different sudo
> calls to debootstrap, mount, cp, rm. So it is less easy now to allow only
> specific sudo calls.
The change from vmbuilder to debootstrap was done with this commit:
https://github.com/devrandom/gitian-builder/commit/af56f89a6acffd363c845a489ec163f0d85d30be
For this ticket:
https://github.com/devrandom/gitian-builder/issues/86
I'm not sure what is the best way to fix this problem. The different
solutions I can see to fix this are:
- revert the change to move from vmbuilder to debootstrap. But looking at
the ticket it looks like we will have problems because of the kernel and
grub packages installed by vmbuilder, so this probably implies patching
vmbuilder too.
- extract the sudo commands from make-base-vm and put them in a script in
a directory such as /usr/local/sbin that we add to sudoers, then patch
make-base-vm to use this script with sudo if it exists.
- giving sudoers access to build users to debootstrap, mount, umount, cp,
rm commands which is similar to giving full sudoers access
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18127#comment:18>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
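
The second option in the comment above (one root-owned script in /usr/local/sbin that sudoers allows, instead of raw debootstrap, mount, cp and rm), as an added example that is not part of the original comment or of gitian-builder. The helper name, the "build" user, BASE_DIR and the suite and architecture lists are assumptions, and only the debootstrap step is shown because the exact commands make-base-vm runs are not given on this page.

```sh
#!/bin/sh
# Added example, not gitian-builder code. Hypothetical root helper, assumed to be
# installed root-owned and not writable by others as
# /usr/local/sbin/gitian-base-vm-helper. The build user (assumed name "build")
# then needs one sudoers entry instead of debootstrap, mount, umount, cp and rm:
#   build ALL=(root) NOPASSWD: /usr/local/sbin/gitian-base-vm-helper

BASE_DIR=/var/lib/gitian-base   # assumed root-owned work area; callers cannot change it
ALLOWED_SUITES="wheezy jessie"  # assumed Debian suites
ALLOWED_ARCHES="i386 amd64"     # assumed architectures

# in_list WORD LIST: succeed only if WORD is an exact member of LIST.
in_list() {
    for item in $2; do
        [ "$item" = "$1" ] && return 0
    done
    return 1
}

# validate_request SUITE ARCH NAME: accept only allowlisted values and a plain
# directory name, so every path touched as root stays directly under BASE_DIR.
validate_request() {
    [ "$#" -eq 3 ] || return 1
    in_list "$1" "$ALLOWED_SUITES" || return 1
    in_list "$2" "$ALLOWED_ARCHES" || return 1
    case "$3" in
        ''|.*|*[!A-Za-z0-9._-]*) return 1 ;;  # empty, leading dot, or '/', space, etc.
    esac
    return 0
}

# build_rootfs SUITE ARCH NAME: the single privileged operation exposed.
build_rootfs() {
    validate_request "$@" || { echo "request rejected" >&2; return 2; }
    target="$BASE_DIR/$3"
    mkdir -p -- "$target" && debootstrap --arch="$2" "$1" "$target"
}

# Act only when arguments are given, e.g. via sudo from make-base-vm.
if [ "$#" -gt 0 ]; then
    build_rootfs "$@"
fi
```

Because the helper takes a suite, an architecture and a plain name rather than arbitrary paths, the sudoers entry no longer hands the build user root-level cp, rm or mount with free arguments.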