When you use our open build service (OBS) and build packages on your local machine, code from the network is executed as root. This is ok as long as you trust the packages.
If you do not want the code to be executed with full access to your local files then you can use KVM.
Add the following lines to you ~/.oscrc:
[general]
build-type=kvm
build-device=/tmp/KVM.root
build-swap=/tmp/KVM.swap
build-memory=254
But before this files can be used you have to create them:
> dd if=/dev/zero of=/tmp/KVM.swap bs=1024 count=300000
> qemu-img create /tmp/KVM.root 6G
> su -c "mkfs.ext3 -c /tmp/KVM.root "
Now you can use osc build without caring too much about your local security.
Thanks to Adrian to bringing this up.
Posts
2 comments:
Hello Tom,
should
> dd if=/dev/zero of=/tmp/KVM.swamp bs=1024 count=300000
not be
> dd if=/dev/zero of=/tmp/KVM.swap bs=1024 count=300000
( without the m in /tmp/KVM.swap ) ?
greettings from Berlin & regards
JBScout aka Thomy
Hi JBScout,
you are right... swap not swamp, the last one is a tool we use for workflow management.
Bye
Thomas
Post a Comment