[Buildbot-devel] Running buildslaves in chroot

Michael Hansen michael.schacht.hansen at gmail.com
Mon Dec 1 13:42:42 UTC 2014


Hi Benoit,

Thank you for the suggestion. Latent slaves doesn't really solve the
problem, does it? Isn't that the same safety profile as a chroot jail
fundamentally? You would still have something running as root in that
latent slave? And docker is not really a good option for me right now,
since I run a lot of stuff on the GPU and that doesn't work as well in
docker (and has to run as root to work at all).

Michael

On Mon, Dec 1, 2014 at 5:47 AM, Benoît Allard <benoit.allard at greenbone.net>
wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 11/29/2014 09:46 PM, Michael Hansen wrote:
> > Hi,
> >
> > I have been using buildbot a while now, it has been a great help to
> > our project.
> >
> > I am looking to add some sophistication to our setup and I am
> > considering running the buildslaves in chroot environment to a) be
> > able to build for multiple distros/releases on the same host, b)
> > isolate the build slaves from the main system, and c) run a few
> > build steps as root (we generate some distribution images and root
> > privileges are needed to run some of the tools, e.g. debootstrap
> > and others).
>
> Have you thought of using docker latent slaves ? Is is only available
> in the master branch, but backporting it to eight shouldn't be too
> much of a trouble.
>
> >
> > In my buildslaves i need access to the /proc (for some GPU unit
> > tests) filesystem so I mount that in the chroot environment but
> > other than that the slave does not have access to the main system.
> >
> > My question is, is this safe? Are there any security issues with
> > running in a chroot jail or is it inherently safer than running it
> > in the main system?
> >
> > Thanks, Michael
> >
> >
> >
> >
> ------------------------------------------------------------------------------
> >
> >
> Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
> > from Actuate! Instantly Supercharge Your Business Reports and
> > Dashboards with Interactivity, Sharing, Native Excel Exports, App
> > Integration & more Get technology previously reserved for
> > billion-dollar corporations, FREE
> >
> http://pubads.g.doubleclick.net/gampad/clk?id=157005751&iu=/4140/ostg.clktrk
> >
> >
> >
> >
> > _______________________________________________ Buildbot-devel
> > mailing list Buildbot-devel at lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/buildbot-devel
> >
>
>
> - --
> Benoît Allard (B30A05B0)|Greenbone Networks GmbH|http://greenbone.net
> Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460
> Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.12 (GNU/Linux)
>
> iQEcBAEBAgAGBQJUfEdBAAoJEHZCfVOzCgWwyXIIAIZeeKUGM/OA8qRRaedhev6b
> oSAci/EGCVVj+Cm1u7bhscTue+07RrbB1yWpXVilMu8bBDZ477NaVOGBQ5wao6BO
> t/EgYaIVj3QnxSKk+NhoIIuuzY5oVZcje1O6I9nHkTo/JOt0h0c5y0UadcsIWT9t
> SydJG1Ln7Xdn1/M3IHme1GUILaLao6zup6oXH502GCOCzh/+R/UlspZzvupiiEZa
> kCnosxQbEDyGOxIG7Z0jyziIRHeL44ljzxUgwuNoekOlv8ZxKajf9A6DdxDOJ+xE
> aLHyP6s31eHEwHRDsMKl0NpNOFwANj13r6ZtluN7VHrFKAnKS5JIyqfEc5Ppaa0=
> =o1r3
> -----END PGP SIGNATURE-----
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://buildbot.net/pipermail/devel/attachments/20141201/8615cb59/attachment.html>


More information about the devel mailing list