You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@continuum.apache.org by "Carlos Sanchez (JIRA)" <ji...@codehaus.org> on 2008/04/15 02:36:59 UTC
[jira] Created: (CONTINUUM-1731) Allow running builds in a chroot
jail
Allow running builds in a chroot jail
-------------------------------------
Key: CONTINUUM-1731
URL: http://jira.codehaus.org/browse/CONTINUUM-1731
Project: Continuum
Issue Type: New Feature
Components: Core system
Affects Versions: 1.1
Reporter: Carlos Sanchez
A nice feature would be to run continuum builds in chroot environments to avoid possible malicious commands and so a project can't access files from another project
The distinction could be per project group
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (CONTINUUM-1731) Allow running builds in a chroot
jail
Posted by "Wendy Smoak (JIRA)" <ji...@codehaus.org>.
[ http://jira.codehaus.org/browse/CONTINUUM-1731?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=131167#action_131167 ]
Wendy Smoak commented on CONTINUUM-1731:
----------------------------------------
There is a separate issue open for distributed builds: http://jira.codehaus.org/browse/CONTINUUM-1666
Some of this work (the separate local repos) should also help with parallel builds.
> Allow running builds in a chroot jail
> -------------------------------------
>
> Key: CONTINUUM-1731
> URL: http://jira.codehaus.org/browse/CONTINUUM-1731
> Project: Continuum
> Issue Type: New Feature
> Components: Core system
> Affects Versions: 1.1
> Reporter: Carlos Sanchez
> Assignee: Carlos Sanchez
>
> A nice feature would be to run continuum builds in chroot environments to avoid possible malicious commands and so a project can't access files from another project
> The distinction could be per project group
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (CONTINUUM-1731) Allow running builds in a chroot
jail
Posted by "Carlos Sanchez (JIRA)" <ji...@codehaus.org>.
[ http://jira.codehaus.org/browse/CONTINUUM-1731?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=139042#action_139042 ]
Carlos Sanchez commented on CONTINUUM-1731:
-------------------------------------------
i wouldn't say it's done because the security of the jail is not really enforced. If someone wants to pick up the work where I left it it'd be welcome
> Allow running builds in a chroot jail
> -------------------------------------
>
> Key: CONTINUUM-1731
> URL: http://jira.codehaus.org/browse/CONTINUUM-1731
> Project: Continuum
> Issue Type: New Feature
> Components: Core system
> Affects Versions: 1.1
> Reporter: Carlos Sanchez
> Fix For: 1.2
>
> Original Estimate: 0 minutes
> Remaining Estimate: 0 minutes
>
> A nice feature would be to run continuum builds in chroot environments to avoid possible malicious commands and so a project can't access files from another project
> The distinction could be per project group
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Assigned: (CONTINUUM-1731) Allow running builds in a chroot
jail
Posted by "Carlos Sanchez (JIRA)" <ji...@codehaus.org>.
[ http://jira.codehaus.org/browse/CONTINUUM-1731?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Carlos Sanchez reassigned CONTINUUM-1731:
-----------------------------------------
Assignee: Carlos Sanchez
> Allow running builds in a chroot jail
> -------------------------------------
>
> Key: CONTINUUM-1731
> URL: http://jira.codehaus.org/browse/CONTINUUM-1731
> Project: Continuum
> Issue Type: New Feature
> Components: Core system
> Affects Versions: 1.1
> Reporter: Carlos Sanchez
> Assignee: Carlos Sanchez
>
> A nice feature would be to run continuum builds in chroot environments to avoid possible malicious commands and so a project can't access files from another project
> The distinction could be per project group
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (CONTINUUM-1731) Allow running builds in a chroot
jail
Posted by "Brett Porter (JIRA)" <ji...@codehaus.org>.
[ http://jira.codehaus.org/browse/CONTINUUM-1731?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=137966#action_137966 ]
Brett Porter commented on CONTINUUM-1731:
-----------------------------------------
should this be closed Carlos?
> Allow running builds in a chroot jail
> -------------------------------------
>
> Key: CONTINUUM-1731
> URL: http://jira.codehaus.org/browse/CONTINUUM-1731
> Project: Continuum
> Issue Type: New Feature
> Components: Core system
> Affects Versions: 1.1
> Reporter: Carlos Sanchez
> Fix For: 1.2
>
>
> A nice feature would be to run continuum builds in chroot environments to avoid possible malicious commands and so a project can't access files from another project
> The distinction could be per project group
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Updated: (CONTINUUM-1731) Allow running builds in a chroot
jail
Posted by "Emmanuel Venisse (JIRA)" <ji...@codehaus.org>.
[ http://jira.codehaus.org/browse/CONTINUUM-1731?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Emmanuel Venisse updated CONTINUUM-1731:
----------------------------------------
Remaining Estimate: 0 minutes
Original Estimate: 0 minutes
ping
> Allow running builds in a chroot jail
> -------------------------------------
>
> Key: CONTINUUM-1731
> URL: http://jira.codehaus.org/browse/CONTINUUM-1731
> Project: Continuum
> Issue Type: New Feature
> Components: Core system
> Affects Versions: 1.1
> Reporter: Carlos Sanchez
> Fix For: 1.2
>
> Original Estimate: 0 minutes
> Remaining Estimate: 0 minutes
>
> A nice feature would be to run continuum builds in chroot environments to avoid possible malicious commands and so a project can't access files from another project
> The distinction could be per project group
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (CONTINUUM-1731) Allow running builds in a chroot
jail
Posted by "Carlos Sanchez (JIRA)" <ji...@codehaus.org>.
[ http://jira.codehaus.org/browse/CONTINUUM-1731?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=137590#action_137590 ]
Carlos Sanchez commented on CONTINUUM-1731:
-------------------------------------------
Added some docs at https://svn.apache.org/repos/asf/continuum/trunk/continuum-docs/src/site/apt/administrator_guides/chroot.apt
> Allow running builds in a chroot jail
> -------------------------------------
>
> Key: CONTINUUM-1731
> URL: http://jira.codehaus.org/browse/CONTINUUM-1731
> Project: Continuum
> Issue Type: New Feature
> Components: Core system
> Affects Versions: 1.1
> Reporter: Carlos Sanchez
> Fix For: 1.2
>
>
> A nice feature would be to run continuum builds in chroot environments to avoid possible malicious commands and so a project can't access files from another project
> The distinction could be per project group
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Assigned: (CONTINUUM-1731) Allow running builds in a chroot
jail
Posted by "Carlos Sanchez (JIRA)" <ji...@codehaus.org>.
[ http://jira.codehaus.org/browse/CONTINUUM-1731?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Carlos Sanchez reassigned CONTINUUM-1731:
-----------------------------------------
Assignee: (was: Carlos Sanchez)
> Allow running builds in a chroot jail
> -------------------------------------
>
> Key: CONTINUUM-1731
> URL: http://jira.codehaus.org/browse/CONTINUUM-1731
> Project: Continuum
> Issue Type: New Feature
> Components: Core system
> Affects Versions: 1.1
> Reporter: Carlos Sanchez
> Fix For: 1.2
>
>
> A nice feature would be to run continuum builds in chroot environments to avoid possible malicious commands and so a project can't access files from another project
> The distinction could be per project group
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (CONTINUUM-1731) Allow running builds in a chroot
jail
Posted by "Wendy Smoak (JIRA)" <ji...@codehaus.org>.
[ http://jira.codehaus.org/browse/CONTINUUM-1731?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=130910#action_130910 ]
Wendy Smoak commented on CONTINUUM-1731:
----------------------------------------
Does this include separate local repositories for each project group?
> Allow running builds in a chroot jail
> -------------------------------------
>
> Key: CONTINUUM-1731
> URL: http://jira.codehaus.org/browse/CONTINUUM-1731
> Project: Continuum
> Issue Type: New Feature
> Components: Core system
> Affects Versions: 1.1
> Reporter: Carlos Sanchez
> Assignee: Carlos Sanchez
>
> A nice feature would be to run continuum builds in chroot environments to avoid possible malicious commands and so a project can't access files from another project
> The distinction could be per project group
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (CONTINUUM-1731) Allow running builds in a chroot
jail
Posted by "Carlos Sanchez (JIRA)" <ji...@codehaus.org>.
[ http://jira.codehaus.org/browse/CONTINUUM-1731?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=130912#action_130912 ]
Carlos Sanchez commented on CONTINUUM-1731:
-------------------------------------------
yes, they must be separate because the jail wont allow you to see anything else
> Allow running builds in a chroot jail
> -------------------------------------
>
> Key: CONTINUUM-1731
> URL: http://jira.codehaus.org/browse/CONTINUUM-1731
> Project: Continuum
> Issue Type: New Feature
> Components: Core system
> Affects Versions: 1.1
> Reporter: Carlos Sanchez
> Assignee: Carlos Sanchez
>
> A nice feature would be to run continuum builds in chroot environments to avoid possible malicious commands and so a project can't access files from another project
> The distinction could be per project group
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Updated: (CONTINUUM-1731) Allow running builds in a chroot
jail
Posted by "Brett Porter (JIRA)" <ji...@codehaus.org>.
[ http://jira.codehaus.org/browse/CONTINUUM-1731?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Brett Porter updated CONTINUUM-1731:
------------------------------------
Fix Version/s: 1.2
> Allow running builds in a chroot jail
> -------------------------------------
>
> Key: CONTINUUM-1731
> URL: http://jira.codehaus.org/browse/CONTINUUM-1731
> Project: Continuum
> Issue Type: New Feature
> Components: Core system
> Affects Versions: 1.1
> Reporter: Carlos Sanchez
> Assignee: Carlos Sanchez
> Fix For: 1.2
>
>
> A nice feature would be to run continuum builds in chroot environments to avoid possible malicious commands and so a project can't access files from another project
> The distinction could be per project group
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Work stopped: (CONTINUUM-1731) Allow running builds in a
chroot jail
Posted by "Carlos Sanchez (JIRA)" <ji...@codehaus.org>.
[ http://jira.codehaus.org/browse/CONTINUUM-1731?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Work on CONTINUUM-1731 stopped by Carlos Sanchez.
> Allow running builds in a chroot jail
> -------------------------------------
>
> Key: CONTINUUM-1731
> URL: http://jira.codehaus.org/browse/CONTINUUM-1731
> Project: Continuum
> Issue Type: New Feature
> Components: Core system
> Affects Versions: 1.1
> Reporter: Carlos Sanchez
> Assignee: Carlos Sanchez
> Fix For: 1.2
>
>
> A nice feature would be to run continuum builds in chroot environments to avoid possible malicious commands and so a project can't access files from another project
> The distinction could be per project group
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Updated: (CONTINUUM-1731) Allow running builds in a chroot
jail
Posted by "Emmanuel Venisse (JIRA)" <ji...@codehaus.org>.
[ http://jira.codehaus.org/browse/CONTINUUM-1731?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Emmanuel Venisse updated CONTINUUM-1731:
----------------------------------------
Fix Version/s: (was: 1.2.1)
1.x
> Allow running builds in a chroot jail
> -------------------------------------
>
> Key: CONTINUUM-1731
> URL: http://jira.codehaus.org/browse/CONTINUUM-1731
> Project: Continuum
> Issue Type: New Feature
> Components: Core system
> Affects Versions: 1.1
> Reporter: Carlos Sanchez
> Fix For: 1.x
>
> Original Estimate: 0 minutes
> Remaining Estimate: 0 minutes
>
> A nice feature would be to run continuum builds in chroot environments to avoid possible malicious commands and so a project can't access files from another project
> The distinction could be per project group
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Work started: (CONTINUUM-1731) Allow running builds in a
chroot jail
Posted by "Carlos Sanchez (JIRA)" <ji...@codehaus.org>.
[ http://jira.codehaus.org/browse/CONTINUUM-1731?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Work on CONTINUUM-1731 started by Carlos Sanchez.
> Allow running builds in a chroot jail
> -------------------------------------
>
> Key: CONTINUUM-1731
> URL: http://jira.codehaus.org/browse/CONTINUUM-1731
> Project: Continuum
> Issue Type: New Feature
> Components: Core system
> Affects Versions: 1.1
> Reporter: Carlos Sanchez
> Assignee: Carlos Sanchez
>
> A nice feature would be to run continuum builds in chroot environments to avoid possible malicious commands and so a project can't access files from another project
> The distinction could be per project group
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (CONTINUUM-1731) Allow running builds in a chroot
jail
Posted by "Ignacio G. Mac Dowell (JIRA)" <ji...@codehaus.org>.
[ http://jira.codehaus.org/browse/CONTINUUM-1731?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=131155#action_131155 ]
Ignacio G. Mac Dowell commented on CONTINUUM-1731:
--------------------------------------------------
I would suggest making distributed builds possible within continuum. If this was possible, installing the agents on different vservers (this would be my choice) on the same machine would IMHO make a superior (and portable - you wouldn't need them to be vservers) solution.
> Allow running builds in a chroot jail
> -------------------------------------
>
> Key: CONTINUUM-1731
> URL: http://jira.codehaus.org/browse/CONTINUUM-1731
> Project: Continuum
> Issue Type: New Feature
> Components: Core system
> Affects Versions: 1.1
> Reporter: Carlos Sanchez
> Assignee: Carlos Sanchez
>
> A nice feature would be to run continuum builds in chroot environments to avoid possible malicious commands and so a project can't access files from another project
> The distinction could be per project group
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (CONTINUUM-1731) Allow running builds in a chroot
jail
Posted by "Carlos Sanchez (JIRA)" <ji...@codehaus.org>.
[ http://jira.codehaus.org/browse/CONTINUUM-1731?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=137586#action_137586 ]
Carlos Sanchez commented on CONTINUUM-1731:
-------------------------------------------
right now the builds run chrooted but I was told the user could escape the chroot jail
in AbstractBuildExecutor the chroot call should be followed with a "su username" with an user that has no privileges.
> Allow running builds in a chroot jail
> -------------------------------------
>
> Key: CONTINUUM-1731
> URL: http://jira.codehaus.org/browse/CONTINUUM-1731
> Project: Continuum
> Issue Type: New Feature
> Components: Core system
> Affects Versions: 1.1
> Reporter: Carlos Sanchez
> Fix For: 1.2
>
>
> A nice feature would be to run continuum builds in chroot environments to avoid possible malicious commands and so a project can't access files from another project
> The distinction could be per project group
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira