I thought apk's only had to build non interactively (which it does) - &
under grsecurity in Alpine non root users can only read /proc if they
have GID:30 (readproc). I didn't see how sshfs could be patched when
/proc/mounts would need to be read.
There were some small errors in APKBUILD which I've now fixed.
Stuart.
On 02/06/2015 02:58 PM, Timo Teras wrote:
While I understand what it's trying to fix, and why you suggest this.
It is not correct on multiple levels:
- apk packages need to be installable non-interactively
- adding to readproc allows lots of other stuff
- the fix should be to:
1) make sshfs not read those files, or not fail if they are not
readable
2) fix grsec proc permissions to allow it work
Do you know which files sshfs needs that are not readable for regular
user?
On Fri, 6 Feb 2015 14:28:59 +0000
Stuart Cardall <developer@it-offshore.co.uk> wrote: