* [Qemu-devel] [PATCH] docker: Don't mount ccache db if NOUSER=1
@ 2017-09-25 7:54 Fam Zheng
2017-09-28 2:07 ` Philippe Mathieu-Daudé
0 siblings, 1 reply; 4+ messages in thread
From: Fam Zheng @ 2017-09-25 7:54 UTC (permalink / raw)
To: qemu-devel
Cc: pbonzini, Fam Zheng, Philippe Mathieu-Daudé, Alex Bennée
With NOUSER=1 the container runs code as root, which may create
privileged files that will not be be accssible next time. Skip ccache
dir mount in this case.
Signed-off-by: Fam Zheng <famz@redhat.com>
---
tests/docker/Makefile.include | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/tests/docker/Makefile.include b/tests/docker/Makefile.include
index 0e4f159619..6f9ea196a7 100644
--- a/tests/docker/Makefile.include
+++ b/tests/docker/Makefile.include
@@ -143,9 +143,11 @@ docker-run: docker-qemu-src
-e EXTRA_CONFIGURE_OPTS="$(EXTRA_CONFIGURE_OPTS)" \
-e V=$V -e J=$J -e DEBUG=$(DEBUG) \
-e SHOW_ENV=$(SHOW_ENV) \
- -e CCACHE_DIR=/var/tmp/ccache \
+ $(if $(NOUSER),, \
+ -e CCACHE_DIR=/var/tmp/ccache \
+ -v $(DOCKER_CCACHE_DIR):/var/tmp/ccache:z \
+ ) \
-v $$(readlink -e $(DOCKER_SRC_COPY)):/var/tmp/qemu:z$(COMMA)ro \
- -v $(DOCKER_CCACHE_DIR):/var/tmp/ccache:z \
$(IMAGE) \
/var/tmp/qemu/run \
$(TEST), " RUN $(TEST) in ${IMAGE}")
--
2.13.5
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [Qemu-devel] [PATCH] docker: Don't mount ccache db if NOUSER=1
2017-09-25 7:54 [Qemu-devel] [PATCH] docker: Don't mount ccache db if NOUSER=1 Fam Zheng
@ 2017-09-28 2:07 ` Philippe Mathieu-Daudé
2017-09-28 7:09 ` Fam Zheng
2017-09-28 14:47 ` Alex Bennée
0 siblings, 2 replies; 4+ messages in thread
From: Philippe Mathieu-Daudé @ 2017-09-28 2:07 UTC (permalink / raw)
To: Fam Zheng
Cc: qemu-devel@nongnu.org Developers, Paolo Bonzini, Alex Bennée
On Mon, Sep 25, 2017 at 4:54 AM, Fam Zheng <famz@redhat.com> wrote:
> With NOUSER=1 the container runs code as root, which may create
> privileged files that will not be be accssible next time. Skip ccache
> dir mount in this case.
>
> Signed-off-by: Fam Zheng <famz@redhat.com>
Acked-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
> ---
> tests/docker/Makefile.include | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/tests/docker/Makefile.include b/tests/docker/Makefile.include
> index 0e4f159619..6f9ea196a7 100644
> --- a/tests/docker/Makefile.include
> +++ b/tests/docker/Makefile.include
> @@ -143,9 +143,11 @@ docker-run: docker-qemu-src
> -e EXTRA_CONFIGURE_OPTS="$(EXTRA_CONFIGURE_OPTS)" \
> -e V=$V -e J=$J -e DEBUG=$(DEBUG) \
> -e SHOW_ENV=$(SHOW_ENV) \
> - -e CCACHE_DIR=/var/tmp/ccache \
> + $(if $(NOUSER),, \
> + -e CCACHE_DIR=/var/tmp/ccache \
> + -v $(DOCKER_CCACHE_DIR):/var/tmp/ccache:z \
> + ) \
> -v $$(readlink -e $(DOCKER_SRC_COPY)):/var/tmp/qemu:z$(COMMA)ro \
> - -v $(DOCKER_CCACHE_DIR):/var/tmp/ccache:z \
> $(IMAGE) \
> /var/tmp/qemu/run \
> $(TEST), " RUN $(TEST) in ${IMAGE}")
> --
> 2.13.5
>
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [Qemu-devel] [PATCH] docker: Don't mount ccache db if NOUSER=1
2017-09-28 2:07 ` Philippe Mathieu-Daudé
@ 2017-09-28 7:09 ` Fam Zheng
2017-09-28 14:47 ` Alex Bennée
1 sibling, 0 replies; 4+ messages in thread
From: Fam Zheng @ 2017-09-28 7:09 UTC (permalink / raw)
To: Philippe Mathieu-Daudé
Cc: Paolo Bonzini, Alex Bennée, qemu-devel@nongnu.org Developers
On Wed, 09/27 23:07, Philippe Mathieu-Daudé wrote:
> On Mon, Sep 25, 2017 at 4:54 AM, Fam Zheng <famz@redhat.com> wrote:
> > With NOUSER=1 the container runs code as root, which may create
> > privileged files that will not be be accssible next time. Skip ccache
> > dir mount in this case.
> >
> > Signed-off-by: Fam Zheng <famz@redhat.com>
>
> Acked-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Queued, thanks.
Fam
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [Qemu-devel] [PATCH] docker: Don't mount ccache db if NOUSER=1
2017-09-28 2:07 ` Philippe Mathieu-Daudé
2017-09-28 7:09 ` Fam Zheng
@ 2017-09-28 14:47 ` Alex Bennée
1 sibling, 0 replies; 4+ messages in thread
From: Alex Bennée @ 2017-09-28 14:47 UTC (permalink / raw)
To: Philippe Mathieu-Daudé
Cc: Fam Zheng, qemu-devel@nongnu.org Developers, Paolo Bonzini
Philippe Mathieu-Daudé <f4bug@amsat.org> writes:
> On Mon, Sep 25, 2017 at 4:54 AM, Fam Zheng <famz@redhat.com> wrote:
>> With NOUSER=1 the container runs code as root, which may create
>> privileged files that will not be be accssible next time. Skip ccache
>> dir mount in this case.
>>
>> Signed-off-by: Fam Zheng <famz@redhat.com>
>
> Acked-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Makes sense:
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
>
>> ---
>> tests/docker/Makefile.include | 6 ++++--
>> 1 file changed, 4 insertions(+), 2 deletions(-)
>>
>> diff --git a/tests/docker/Makefile.include b/tests/docker/Makefile.include
>> index 0e4f159619..6f9ea196a7 100644
>> --- a/tests/docker/Makefile.include
>> +++ b/tests/docker/Makefile.include
>> @@ -143,9 +143,11 @@ docker-run: docker-qemu-src
>> -e EXTRA_CONFIGURE_OPTS="$(EXTRA_CONFIGURE_OPTS)" \
>> -e V=$V -e J=$J -e DEBUG=$(DEBUG) \
>> -e SHOW_ENV=$(SHOW_ENV) \
>> - -e CCACHE_DIR=/var/tmp/ccache \
>> + $(if $(NOUSER),, \
>> + -e CCACHE_DIR=/var/tmp/ccache \
>> + -v $(DOCKER_CCACHE_DIR):/var/tmp/ccache:z \
>> + ) \
>> -v $$(readlink -e $(DOCKER_SRC_COPY)):/var/tmp/qemu:z$(COMMA)ro \
>> - -v $(DOCKER_CCACHE_DIR):/var/tmp/ccache:z \
>> $(IMAGE) \
>> /var/tmp/qemu/run \
>> $(TEST), " RUN $(TEST) in ${IMAGE}")
>> --
>> 2.13.5
>>
--
Alex Bennée
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2017-09-28 14:47 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-09-25 7:54 [Qemu-devel] [PATCH] docker: Don't mount ccache db if NOUSER=1 Fam Zheng
2017-09-28 2:07 ` Philippe Mathieu-Daudé
2017-09-28 7:09 ` Fam Zheng
2017-09-28 14:47 ` Alex Bennée
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.