[Python-Dev] cpython (3.2): Issue #11956: Skip test_import.test_unwritable_directory on FreeBSD when run as
Terry Reedy
tjreedy at udel.edu
Sat Oct 8 01:19:44 CEST 2011
On 10/7/2011 6:18 AM, Glyph wrote:
> To sum up what I believe is now the consensus from this thread:
>
> 1. Anyone setting up a buildslave should take care to invoke the build
> in an environment where an out-of-control buildbot, potentially
> executing arbitrarily horrible and/or malicious code, should not
> damage anything. Builders should always be isolated from valuable
> resources, although the specific mechanism of isolation may differ.
> A virtual machine is a good default, but may not be sufficient;
> other tools for cutting of the builder from the outside world would
> be chroot jails, solaris zones, etc.
> 2. Code runs differently as privileged vs. unprivileged users.
My particular concern with testing as an unprivileged user comes from
experience with too many (commercial, post-XP) Windows programs that
only run correctly as admin (without an obvious good reason).
> Therefore builders should be set up in both configurations, running
> the full test suite, to ensure that all code runs as expected in
> both configurations. Some tests, as the start of this thread
> indicates, must have some special logic to make sure they do or do
> not run, or run differently, in privileged vs. unprivileged
> configurations, but generally speaking most things should work in
> both places.
> 3. Access to root my provide access to slightly surprising resources,
> even within a VM (such as the ability to send spoofed IP packets,
> change the MAC address of even virtual ethernet cards, etc), and
> administrators should be aware that this is the case when
> configuring the host environment for a run-as-root builder. You
> don't want to end up with a compromised test VM that can snoop on
> your network.
--
Terry Jan Reedy
More information about the Python-Dev
mailing list