[Buildbot-devel] Running buildslaves in chroot
Paul Colomiets
paul at colomiets.name
Sat Nov 29 21:16:05 UTC 2014
Hi Michael,
On Sat, Nov 29, 2014 at 10:46 PM, Michael Hansen
<michael.schacht.hansen at gmail.com> wrote:
> My question is, is this safe? Are there any security issues with running in
> a chroot jail or is it inherently safer than running it in the main system?
>
If you have recent kernel with CONFIG_USER_NS enabled you can use
chroot jail as a non-root user account (there were exploits of
non-privileged containers in recent few months, but I believe it's
more secure anyway).
For example here is one such tool which we successfully use under buildbot:
http://vagga.readthedocs.org/
--
Paul
More information about the devel
mailing list