Package: mini-buildd Version: 1.0.2 Severity: wishlist Dear Maintainer,
$ cat /etc/sudoers.d/mini-buildd-sudoers # mini-buildd needs sudo calls for chroot preparation only # BASIC: Needed by all chroot types mini-buildd ALL=NOPASSWD:/usr/[s]bin/*debootstrap*,/bin/mount,/bin/umount,/bin/cp,/bin/rm,/bin/mkdir # FILE: DirChroot mini-buildd ALL=NOPASSWD:/bin/mv # FILE: FileChroot mini-buildd ALL=NOPASSWD:/bin/tar # LVM: LVMChroot, LoopLVMChroot mini-buildd ALL=NOPASSWD:/sbin/pvcreate,/sbin/pvremove,/sbin/vgcreate,/sbin/vgremove,/sbin/lvcreate,/sbin/lvremove,/sbin/mkfs,/sbin/fsck # LOOP: LoopLVMChroot mini-buildd ALL=NOPASSWD:/sbin/losetup,/bin/dd This makes it all too easy for the mini-buildd to be root-equivalent. I wonder if this could be replaced with some wrapper scripts in a way that will make mini-buildd less root-equivalent. -- System Information: Debian Release: 7.5 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'unstable'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores) Locale: LANG=he_IL.utf8, LC_CTYPE=he_IL.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
