Hi, On 2020-09-09 08:33, Holger Levsen wrote: > control: tags -1 patch > > On Sat, Sep 05, 2020 at 11:11:22AM +0200, Mattia Rizzolo wrote: > > https://tracker.debian.org/pkg/policy-rcd-declarative > > is a good solution to this: install that package, then instead of > > dropping that file into /usr/local/sbin/policy-rc.d, do > > echo ".* .* deny" > /etc/service-policy.d/00-buildd-deny-all
Thanks a lot Mattia for the solution. It's just a pitty that this package is not in (old)stable, so that we need to special case the way we create the chroots. > > That turns a non-dpkg tracked binary into a non-dpkg tracked conffile, > > which I suppose it's a good compromise. > > awesome find, Mattia, thank you. I dare to tag this bug 'patch' now. Well I would say that we have a solution but not yet the patch, but anyway I'll plan to work on writing a patch in the next days. > > Improvement would be to ship > > that single conffile in a separate package (which, IMHO, > > src:policy-rcd-declarative could do, i.e. provide a > > "policy-rcd-declarative-deny-all" binary; or do fancy things with a > > debconf option sbuild-createchroot could inject but that would be too > > dirty for me). > > I'm tempted to clone this bug and make the clone a wishlist bug for such > a "policy-rcd-declarative-deny-all" binary. What do you think? Indeed, that would be awesome. Regards, Aurelien -- Aurelien Jarno GPG: 4096R/1DDD8C9B aurel...@aurel32.net http://www.aurel32.net
signature.asc
Description: PGP signature
