[Python-Dev] cpython (3.2): Issue #11956: Skip test_import.test_unwritable_directory on FreeBSD when run as

[Terry Reedy]

On 10/7/2011 6:18 AM, Glyph wrote:

> To sum up what I believe is now the consensus from this thread:
>
>  1. Anyone setting up a buildslave should take care to invoke the build
>     in an environment where an out-of-control buildbot, potentially
>     executing arbitrarily horrible and/or malicious code, should not
>     damage anything. Builders should always be isolated from valuable
>     resources, although the specific mechanism of isolation may differ.
>     A virtual machine is a good default, but may not be sufficient;
>     other tools for cutting of the builder from the outside world would
>     be chroot jails, solaris zones, etc.
>  2. Code runs differently as privileged vs. unprivileged users.

My particular concern with testing as an unprivileged user comes from 
experience with too many (commercial, post-XP) Windows programs that 
only run correctly as admin (without an obvious good reason).

>     Therefore builders should be set up in both configurations, running
>     the full test suite, to ensure that all code runs as expected in
>     both configurations. Some tests, as the start of this thread
>     indicates, must have some special logic to make sure they do or do
>     not run, or run differently, in privileged vs. unprivileged
>     configurations, but generally speaking most things should work in
>     both places.
>  3. Access to root my provide access to slightly surprising resources,
>     even within a VM (such as the ability to send spoofed IP packets,
>     change the MAC address of even virtual ethernet cards, etc), and
>     administrators should be aware that this is the case when
>     configuring the host environment for a run-as-root builder. You
>     don't want to end up with a compromised test VM that can snoop on
>     your network.

-- 
Terry Jan Reedy