*** tristan <tristan!tristan@223.62.172.86> has joined #buildstream | 06:09 | |
*** ChanServ sets mode: +o tristan | 06:09 | |
juergbi | nanonyme: i.e. the command is relying on CAP_DAC_OVERRIDE to modify a file where not even the owner has write permissions? | 06:28 |
---|---|---|
juergbi | I don't know whether bwrap --cap-add DAC_OVERRIDE would work/help | 06:30 |
juergbi | imo, relying on CAP_DAC_OVERRIDE is a bad idea, so I would prefer seeing the tool / file mode fixed but difficult to say without knowing the particular use case | 06:32 |
*** tristan <tristan!tristan@223.62.172.86> has quit IRC | 06:34 | |
*** tristan <tristan!tristan@223.62.8.142> has joined #buildstream | 06:51 | |
*** ChanServ sets mode: +o tristan | 06:51 | |
*** tristan <tristan!tristan@223.62.8.142> has quit IRC | 08:29 | |
nanonyme | juergbi: I guess, yes | 09:30 |
nanonyme | juergbi: I wonder if we should set CAP_DAC_OVERRIDE when sandbox uid is set to 0 | 09:30 |
nanonyme | It's not default behaviour to set uid to 0 anyway | 09:31 |
nanonyme | Sounds like it would result in more realistic root | 09:31 |
nanonyme | juergbi: does BuildStream ever btw pass --capture-allow-file-move to buildbox-casd? | 15:14 |
nanonyme | Similarly findmissingblobs-cache-ttl | 15:17 |
nanonyme | juergbi: I'm getting build failures with grpc 1.53.0 and buildbox-common https://gitlab.com/freedesktop-sdk/infrastructure/freedesktop-sdk-docker-images/-/jobs/4082562428 | 15:43 |
nanonyme | Ah yeah, right. So grpcio switched to new abseil from the LTS branch they have been using | 16:22 |
nanonyme | I mean, grpc switched | 16:22 |
nanonyme | https://github.com/grpc/grpc/pull/32733 | 16:27 |
nanonyme | Aha, never mind. I think it now requires stdc++17 | 19:13 |
nanonyme | https://gitlab.com/BuildGrid/buildbox/buildbox-common/-/issues/91 | 19:35 |