[Buildbot-devel] Running buildslaves in chroot

Michael Hansen michael.schacht.hansen at gmail.com
Sat Nov 29 21:29:51 UTC 2014


I guess my problem is that I would like to run things like debootstrap,
install packages, etc. as part of the build process. So I would like for the
buildsystem to be able to do that. So clearly that is not ideal. But given
that a limited number of people can commit code and they all have root
access to the build system already (i.e. if they wanted to do something
malicious, there would be easier ways), does it add any additional risk to
run it as root in a chroot environment? The chroot environment would just
prevent anybody from accidentally wiping out the build host.

On Sat, Nov 29, 2014 at 4:22 PM, Dan Kegel <dank at kegel.com> wrote:

> Neither.  Run it as a normal user in an lxc environment (ideally an
> ephemeral one).
>
> Of course, that's only slightly more secure than running as a normal
> user in the main system, but it's something.
>
> On Sat, Nov 29, 2014 at 1:11 PM, Michael Hansen
> <michael.schacht.hansen at gmail.com> wrote:
> > Hi Dan,
> >
> > Thank you for your comments. Nothing is ever really perfectly safe. I guess
> > my question could also be rephrased as: what is best from a security
> > perspective? A) running buildslave as a regular user in the main system or
> > B) running it (as root) in a chroot environment?
> >
> > On Sat, Nov 29, 2014 at 4:01 PM, Dan Kegel <dank at kegel.com> wrote:
> >>
> >> I've been doing this with linux containers for some time.
> >>
> >> Containers are not yet a security solution.  You can escape out of a
> >> chroot jail (the exploit's a bit different for lxc containers, but
> >> still available).
> >>
> >> But it's worth it just for the isolation alone; my builds need to
> >> install debian packages, and I use ephemeral lxc containers for the
> >> linux buildslaves to get a fresh vanilla system every time.
> >>
> >>
> >> On Sat, Nov 29, 2014 at 12:46 PM, Michael Hansen
> >> <michael.schacht.hansen at gmail.com> wrote:
> >> > Hi,
> >> >
> >> > I have been using buildbot a while now, it has been a great help to our
> >> > project.
> >> >
> >> > I am looking to add some sophistication to our setup and I am considering
> >> > running the buildslaves in chroot environment to a) be able to build for
> >> > multiple distros/releases on the same host, b) isolate the build slaves from
> >> > the main system, and c) run a few build steps as root (we generate some
> >> > distribution images and root privileges are needed to run some of the tools,
> >> > e.g. debootstrap and others).
> >> >
> >> > In my buildslaves I need access to the /proc (for some GPU unit tests)
> >> > filesystem so I mount that in the chroot environment but other than that the
> >> > slave does not have access to the main system.
> >> >
> >> > My question is, is this safe? Are there any security issues with running in
> >> > a chroot jail or is it inherently safer than running it in the main
> >> > system?
> >> >
> >> > Thanks,
> >> > Michael
> >> >
> >
> >
>
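
The thread's question (root in a chroot versus a normal user) can be checked on a build host by reading the slave process's `/proc/<pid>/status`. The following is an added example, not part of the original thread or of Buildbot: it flags an effective uid of 0 and any effective capabilities that keep a chroot from acting as containment. The list of capabilities flagged is an editorial selection from capabilities(7), the function names are hypothetical, and the sample status text is constructed.

```python
import re

# Bit numbers from <linux/capability.h>; descriptions paraphrase capabilities(7).
# Which capabilities to flag is an assumption of this example, not a Buildbot rule.
RISKY_CAPS = {
    2: ("CAP_DAC_READ_SEARCH", "bypasses file read and directory search checks"),
    16: ("CAP_SYS_MODULE", "may load kernel modules"),
    17: ("CAP_SYS_RAWIO", "may perform raw I/O port and memory access"),
    18: ("CAP_SYS_CHROOT", "may call chroot(2) and change its own root"),
    19: ("CAP_SYS_PTRACE", "may trace arbitrary processes with ptrace(2)"),
    21: ("CAP_SYS_ADMIN", "may mount filesystems and do other admin operations"),
    27: ("CAP_MKNOD", "may create device nodes with mknod(2)"),
}


def audit_status(status_text):
    """Return findings for one process, given the text of /proc/<pid>/status."""
    fields = dict(re.findall(r"^(\w+):[ \t]*(.*)$", status_text, re.M))
    findings = []
    # The Uid line holds four values: real, effective, saved, filesystem.
    if int(fields["Uid"].split()[1]) == 0:
        findings.append("effective uid is 0 (root)")
    cap_eff = int(fields["CapEff"], 16)  # effective capability bitmask, hex
    for bit, (name, why) in sorted(RISKY_CAPS.items()):
        if cap_eff & (1 << bit):
            findings.append(f"{name}: {why}")
    return findings


def chroot_is_containment(status_text):
    """Treat the chroot as more than an accident guard only if nothing is flagged."""
    return not audit_status(status_text)


# Constructed sample: option B from the thread, root with a full capability set.
ROOT_IN_CHROOT = "Name:\tbuildslave\nUid:\t0\t0\t0\t0\nCapEff:\t0000003fffffffff\n"
# Constructed sample: option A, an unprivileged account with no capabilities.
NORMAL_USER = "Name:\tbuildslave\nUid:\t1001\t1001\t1001\t1001\nCapEff:\t0000000000000000\n"

if __name__ == "__main__":
    for label, sample in (("root in chroot", ROOT_IN_CHROOT), ("normal user", NORMAL_USER)):
        print(label)
        for finding in audit_status(sample) or ["nothing flagged"]:
            print("  -", finding)
```

On a live host, pass the contents of `/proc/<pid>/status` for the running buildslave process instead of the constructed samples.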