On 08/10/2011 00:19, Terry Reedy wrote: > On 10/7/2011 6:18 AM, Glyph wrote: > >> To sum up what I believe is now the consensus from this thread: >> >> 1. Anyone setting up a buildslave should take care to invoke the build >> in an environment where an out-of-control buildbot, potentially >> executing arbitrarily horrible and/or malicious code, should not >> damage anything. Builders should always be isolated from valuable >> resources, although the specific mechanism of isolation may differ. >> A virtual machine is a good default, but may not be sufficient; >> other tools for cutting of the builder from the outside world would >> be chroot jails, solaris zones, etc. >> 2. Code runs differently as privileged vs. unprivileged users. > > My particular concern with testing as an unprivileged user comes from > experience with too many (commercial, post-XP) Windows programs that > only run correctly as admin (without an obvious good reason). It would seem that for this use case it is more important that all tests pass when run as a *non-admin* user. Michael > >> Therefore builders should be set up in both configurations, running >> the full test suite, to ensure that all code runs as expected in >> both configurations. Some tests, as the start of this thread >> indicates, must have some special logic to make sure they do or do >> not run, or run differently, in privileged vs. unprivileged >> configurations, but generally speaking most things should work in >> both places. >> 3. Access to root my provide access to slightly surprising resources, >> even within a VM (such as the ability to send spoofed IP packets, >> change the MAC address of even virtual ethernet cards, etc), and >> administrators should be aware that this is the case when >> configuring the host environment for a run-as-root builder. You >> don't want to end up with a compromised test VM that can snoop on >> your network. > -- http://www.voidspace.org.uk/ May you do good and not evil May you find forgiveness for yourself and forgive others May you share freely, never taking more than you give. -- the sqlite blessing http://www.sqlite.org/different.html
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4