[tor-bugs] #18127 [Tor Browser]: Add LXC support for building with Debian guest VMs

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Mar 2 19:04:31 UTC 2016


#18127: Add LXC support for building with Debian guest VMs
----------------------------------------------+--------------------------
 Reporter:  gk                                |          Owner:  boklm
     Type:  enhancement                       |         Status:  assigned
 Priority:  High                              |      Milestone:
Component:  Tor Browser                       |        Version:
 Severity:  Normal                            |     Resolution:
 Keywords:  tbb-gitian, TorBrowserTeam201603  |  Actual Points:
Parent ID:                                    |         Points:
  Sponsor:                                    |
----------------------------------------------+--------------------------

Comment (by boklm):

 Replying to [comment:13 boklm]:
 >
 > In tor-browser-builder-3, sudo was used to call vmbuilder. In the new
 > version the same thing is done without vmbuilder, but with different sudo
 > calls to debootstrap, mount, cp, rm. So it is less easy now to allow only
 > specific sudo calls.

 The change from vmbuilder to debootstrap was done with this commit:
 https://github.com/devrandom/gitian-builder/commit/af56f89a6acffd363c845a489ec163f0d85d30be
 For this ticket:
 https://github.com/devrandom/gitian-builder/issues/86

 I'm not sure what is the best way to fix this problem. The different
 solutions I can see to fix this are:

 - revert the change to move from vmbuilder to debootstrap. But looking at
 the ticket it looks like we will have problems because of the kernel and
 grub packages installed by vmbuilder, so this probably implies patching
 vmbuilder too.
 - extract the sudo commands from make-base-vm and put them in a script in
 a directory such as /usr/local/sbin that we add to sudoers, then patch
 make-base-vm to use this script with sudo if it exists.
 - giving sudoers access to build users to debootstrap, mount, umount, cp,
 rm commands which is similar to giving full sudoers access

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18127#comment:18>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
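
An added example, not part of the ticket or of gitian-builder, of the second option listed in the comment above: one root-owned script named in sudoers that builds the privileged command itself from validated arguments. The script path, the suite and architecture allowlists, BASE_DIR and the function names are assumptions.

```shell
#!/bin/sh
# Hypothetical root wrapper, e.g. /usr/local/sbin/gitian-base-vm-root
# (name, arguments and allowlists are assumptions, not taken from make-base-vm).
# sudoers then grants this one path instead of debootstrap/mount/cp/rm, e.g.:
#   builduser ALL=(root) NOPASSWD: /usr/local/sbin/gitian-base-vm-root
# The script must be root-owned and not writable by the build user.

ALLOWED_SUITES="wheezy jessie"     # assumed guest releases
ALLOWED_ARCHES="i386 amd64"        # assumed guest architectures
BASE_DIR="/var/lib/gitian/base"    # assumed fixed parent of every target

in_list() {  # in_list WORD "a b c"
    for item in $2; do [ "$item" = "$1" ] && return 0; done
    return 1
}

# Accept only an allowlisted suite and arch, and a plain directory name:
# non-empty, not starting with '.', no '/' or other unexpected characters.
validate_request() {
    suite=$1 arch=$2 name=$3
    in_list "$suite" "$ALLOWED_SUITES" || return 1
    in_list "$arch" "$ALLOWED_ARCHES" || return 1
    case $name in
        ''|.*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# Build the one command line root will run; callers never supply paths or options.
build_command() {
    validate_request "$1" "$2" "$3" || return 1
    printf 'debootstrap --arch=%s %s %s/%s\n' "$2" "$1" "$BASE_DIR" "$3"
}

main() {
    [ "$#" -eq 3 ] || { echo "usage: $0 SUITE ARCH NAME" >&2; return 2; }
    cmd=$(build_command "$@") || { echo "rejected: $*" >&2; return 1; }
    # Pin PATH so a caller-controlled environment cannot substitute binaries.
    PATH=/usr/sbin:/usr/bin:/sbin:/bin
    export PATH
    $cmd   # safe to word-split: every field was validated above
}

if [ "$#" -gt 0 ]; then main "$@"; fi
```

The mount, umount, cp and rm steps would be fixed inside the same script in the same way, with their paths derived from BASE_DIR and the validated name rather than passed in by the caller.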

