author | Michael Schroeder <mls@suse.de> | 2016-09-19 12:59:35 +0200 |
---|---|---|
committer | Michael Schroeder <mls@suse.de> | 2016-09-19 13:02:41 +0200 |
commit | 346b96dbaa1b65d9632724c1f2963b4735594b26 (patch) | |
tree | 321d42acabf5e72736b049f5f8ddafece609f8c9 /build.conf.example | |
parent | d92b95aa9be3c935a3ee2abb001f141192cda78e (diff) |
Add optional whitelisting for allowed buildroots and parameters
Based on a patch from Matias Hilden and Juha Kallioinen.
Can be used to make multi-user environments more secure.
Does not change functionality if /etc/obs/build.conf is not
present on system.
Diffstat (limited to 'build.conf.example')
-rw-r--r-- | build.conf.example | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/build.conf.example b/build.conf.example new file mode 100644 index 0000000..6f85a6d --- /dev/null +++ b/build.conf.example @@ -0,0 +1,27 @@ +# Example configuration for buildroot and parameter whitelisting. +# Can be used to make multi-user environments more secure. Everything is +# allowed by default if no whitelist is defined. +# +# List of whitelisted build roots. +# %user will be replaced with $SUDO_USER (or $USER when running without sudo) +# +# ALLOW_BUILD_ROOT: /var/tmp/%user/build-root +# ALLOW_BUILD_ROOT: /var/tmp/build-root + +# List of whitelisted parameters. Allowed parameters +# must be listed in double dash format. +# +# ALLOW_PARAM: --arch +# ALLOW_PARAM: --changelog +# ALLOW_PARAM: --clean +# ALLOW_PARAM: --dist +# ALLOW_PARAM: --jobs +# ALLOW_PARAM: --noinit +# ALLOW_PARAM: --norootforbuild +# ALLOW_PARAM: --root +# ALLOW_PARAM: --rpmlist +# +# Specific parameter arguments can be whitelisted (other arguments +# are not allowed in that case): +# +# ALLOW_PARAM: --jobs 1 |
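Review bot: The header comment's "Everything is allowed by default if no whitelist is defined", combined with every ALLOW_BUILD_ROOT and ALLOW_PARAM line being commented out, means that installing this example unchanged as /etc/obs/build.conf restricts nothing. Say so explicitly in the header, and state whether the two lists are independent (for example, whether defining only ALLOW_PARAM leaves build roots unrestricted). In the build root list, the second example `# ALLOW_BUILD_ROOT: /var/tmp/build-root` is a single path shared by every user, which sits oddly with the stated multi-user goal; consider keeping only the %user form or marking the shared path as suitable for single-user hosts only. The parameter list includes `# ALLOW_PARAM: --root` without saying whether the argument given to --root is still checked against ALLOW_BUILD_ROOT, and the final `# ALLOW_PARAM: --jobs 1` example does not document how the argument is matched (exact string or otherwise) or what happens when both `--jobs` and `--jobs 1` are listed.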