Subject: svn commit: r663792 - in /continuum/trunk: continuum-core/src/main/java/org/apache/maven/continuum/execution/ continuum-docs/src/site/ continuum-docs/src/site/apt/administrator_guides/ continuum-webapp/src/main/webapp/WEB-INF/
Date: Fri, 06 Jun 2008 00:17:24 -0000
To: commits@continuum.apache.org
From: carlos@apache.org X-Mailer: svnmailer-1.0.8 Message-Id: <20080606001728.815192388A06@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: carlos Date: Thu Jun 5 17:17:18 2008 New Revision: 663792 URL: http://svn.apache.org/viewvc?rev=663792&view=rev Log: [CONTINUUM-1731] Add docs for chroot jail feature Added: continuum/trunk/continuum-docs/src/site/apt/administrator_guides/chroot.apt (with props) Modified: continuum/trunk/continuum-core/src/main/java/org/apache/maven/continuum/execution/AbstractBuildExecutor.java continuum/trunk/continuum-docs/src/site/site.xml continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/applicationContext.xml Modified: continuum/trunk/continuum-core/src/main/java/org/apache/maven/continuum/execution/AbstractBuildExecutor.java URL: http://svn.apache.org/viewvc/continuum/trunk/continuum-core/src/main/java/org/apache/maven/continuum/execution/AbstractBuildExecutor.java?rev=663792&r1=663791&r2=663792&view=diff ============================================================================== --- continuum/trunk/continuum-core/src/main/java/org/apache/maven/continuum/execution/AbstractBuildExecutor.java (original) +++ continuum/trunk/continuum-core/src/main/java/org/apache/maven/continuum/execution/AbstractBuildExecutor.java Thu Jun 5 17:17:18 2008 
@@ -255,6 +255,9 @@ { StringBuilder sb = new StringBuilder(); sb.append( CHROOT_EXECUTABLE ); + // TODO see CONTINUUM-1731 + //sb.append( "su" ); + //sb.append( username ); sb.append( " " ); sb.append( new File( chrootJailDirectory, project.getGroupId() ) ); sb.append( " " ); Added: continuum/trunk/continuum-docs/src/site/apt/administrator_guides/chroot.apt URL: http://svn.apache.org/viewvc/continuum/trunk/continuum-docs/src/site/apt/administrator_guides/chroot.apt?rev=663792&view=auto ============================================================================== --- continuum/trunk/continuum-docs/src/site/apt/administrator_guides/chroot.apt (added) +++ continuum/trunk/continuum-docs/src/site/apt/administrator_guides/chroot.apt Thu Jun 5 17:17:18 2008 
@@ -0,0 +1,90 @@ + ------ + Running builds in a chroot jail + ------ + Carlos Sanchez + ------ + June 5 2008 + ------ + +Running builds in chroot jail + + Feature not yet finished! See {{{http://jira.codehaus.org/browse/CONTINUUM-1731}CONTINUUM-1731}} + + You could make continuum run the builds in each project group in a separate chroot jail so they don't interfere with each other + for security and stability issues. It requires a fair amount of work to setup the system. + + There are still some security concerns. The user could escape the chroot jail. + + +Creating a chroot jail + + Installed {{{http://olivier.sessink.nl/jailkit/jailkit-2.5.tar.bz2}jailkit}} + ( {{{http://olivier.sessink.nl/jailkit/howtos_chroot_shell.html}howto}} ) + + Add chroot to /etc/sudoers and comment out requiretty + ++----------------------------+ + jetty ALL=NOPASSWD:/usr/sbin/chroot ++----------------------------+ + + + Add /usr/sbin to the PATH in /home/jetty/.bash_profile + +Create the jail + ++----------------------------+ +export JAIL=/home/jail/org.apache.continuum +jk_init -v -j $JAIL basicshell netbasics +jk_cp -j $JAIL /bin/uname +jk_cp -j $JAIL /usr/bin/expr +jk_cp -j $JAIL /usr/bin/dirname +jk_cp -j $JAIL /usr/bin/which +jk_cp -j $JAIL /bin/env +jk_cp -j $JAIL /bin/su + +cd $JAIL + +# devices +mkdir proc +mount -t proc /proc proc +mkdir dev +mknod dev/null c 1 3 +mknod dev/zero c 1 5 +chmod a=rw dev/null dev/zero + +# Java +cp -r /usr/java usr +ln -s /usr/java/default/bin/java bin/ +ln -s /usr/java/default/bin/javac bin/ +cd lib +for f in `find /usr/java/default/jre/lib/i386 -maxdepth 1 -iname "*.so*"`; do ln -s $f ; done +ln -s /usr/java/default/jre/lib/i386/jli/libjli.so +ln -s /usr/java/default/jre/lib/i386 +cp /lib/libm.so.6  . 
+ +# Maven +mkdir -p usr/share +cp -r /usr/share/apache-maven-2.0.9 usr/share +ln -s /usr/share/apache-maven-2.0.9/bin/mvn bin/mvn + +sudo /usr/sbin/chroot $JAIL /bin/bash + +# env +export M2_HOME=/usr/share/apache-maven-2.0.9 +export JAVA_HOME=/usr/java/default + ++----------------------------+ + + +Configuring continuum webapp + + Uncomment the following lines in WEB-INF/applicationContext.xml + ++----------------------------+ + Modified: continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/applicationContext.xml URL: http://svn.apache.org/viewvc/continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/applicationContext.xml?rev=663792&r1=663791&r2=663792&view=diff ============================================================================== --- continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/applicationContext.xml (original) +++ continuum/trunk/continuum-webapp/src/main/webapp/WEB-INF/applicationContext.xml Thu Jun 5 17:17:18 2008 @@ -25,6 +25,7 @@
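Review bot: In the AbstractBuildExecutor.java hunk, the commented-out `sb.append( "su" )` and `sb.append( username )` sit directly after `sb.append( CHROOT_EXECUTABLE )`, with no separating spaces and ahead of the jail directory argument, so enabling them as written would build a malformed command rather than drop privileges inside the jail. Either leave the dead code out and let CONTINUUM-1731 track the work, or expand the TODO to state that the build must run as an unprivileged user after the jail path and where `username` is expected to come from. Since the jail path is built from `project.getGroupId()` and joined into a space-separated command string, it is also worth noting in the TODO that the group id needs validating (no spaces, no path separators or `..`) before this feature is switched on.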
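Review bot: In chroot.apt, the sudoers entry `jetty ALL=NOPASSWD:/usr/sbin/chroot` gives the jetty account passwordless root execution of chroot against any directory and with any command, which is far wider than "run a build inside this project group's jail", and the guide's own `sudo /usr/sbin/chroot $JAIL /bin/bash` step leaves the shell running as root inside the jail. The page only says "The user could escape the chroot jail" without saying why; it should state that the jailed process currently runs as root, that this is the open part of CONTINUUM-1731, and that the setup must not be used for untrusted projects until builds run as an unprivileged user. Consider restricting the sudoers rule to a fixed wrapper script that accepts only directories under /home/jail, and explain why `/bin/su` is copied in and `proc` is mounted, since both widen what a process in the jail can reach. Smaller points: "Installed jailkit" should be an instruction ("Install jailkit"), and the `export M2_HOME` / `export JAVA_HOME` lines should be marked as commands to run inside the chrooted shell rather than on the host.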