WIP: Allow group access to various bits of data that will be accessed by buildbox-casd (!1684) · Merge requests · BuildStream / buildstream

Tristan Maat requested to merge tlater/casd-socket-permissions into master Nov 04, 2019

Description

Since we'd like to support a userchroot workflow that uses an intermediate user to go through the safe setuid-userchroot barrier, we need to allow access to any files accessed by buildbox-casd to a group of users, such that we can run BuildStream with umask 002.

Currently still outstanding is:

A correction of the source determinism tests, which rely on a specific umask that can't be upheld when umask 002 is required
A solution for handling bzr CVS directories (since these seem to be umask 077)
A cleanup solving the discovered problems more generally

This patch also depends on (and includes) !1645 (merged), which should be merged beforehand.

Edited Nov 12, 2019 by Tristan Maat

WIP: Allow group access to various bits of data that will be accessed by buildbox-casd

Description

Merge request reports