continuum-dev mailing list archives

From "Carlos Sanchez" <car...@apache.org>
Subject Running continuum builds in an isolated environment
Date Thu, 17 Apr 2008 16:43:20 GMT
For those that haven't seen CONTINUUM-1731 yet, I'm working on getting
Continuum builds to run isolated from other builds and from the
original server system, and to prevent malicious builds/scripts from
doing damage or accessing other builds' data in the filesystem.

I'm creating a chroot jail per project group, and before each build
invocation Continuum will chroot there (possibly combining with user
permissions too), so what the build is going to see is a fake
filesystem shared only with the other projects in the same project
group.

Setting up the server is quite a pita: you need a chroot directory per
project group with copies of all the authorized programs (java, maven,
svn, ...) and the libraries used. There's going to be a maven repo for
each project group too, so the disk space used is going to grow fairly
quickly. I think I got it mostly set up now, but it's very
server-dependent. Now I'm working on executing the chroot before the
build is called; it requires some changes in the way the working
directory is selected.



-- 
I could give you my word as a Spaniard.
No good. I've known too many Spaniards.
 -- The Princess Bride
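
The jail setup described in the message above, as an added example that is not part of the original post or of Continuum's code: it copies an allow-list of native programs and the shared libraries they load into a per-group jail directory. The jail path, program names and build user in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: populate one chroot jail per project group with an
# allow-list of programs plus the shared libraries they load.
# Handles native executables only; a JDK or Maven install is a directory
# tree and would need to be copied as a whole.

# Read `ldd` output on stdin and print each absolute library path once.
# Lines without a path (vdso, "not found", static binaries) are skipped.
ldd_paths() {
    awk '{
        for (i = 1; i <= NF; i++)
            if ($i ~ /^\//) { print $i; break }
    }' | LC_ALL=C sort -u
}

# Copy one file into the jail under the same absolute path,
# dereferencing symlinks so the jail does not point outside itself.
copy_into_jail() {
    jail=$1
    src=$2
    mkdir -p "$jail$(dirname "$src")" && cp -L "$src" "$jail$src"
}

# populate_jail JAIL PROGRAM...
# Run ldd only on administrator-approved binaries: on some systems ldd
# works by invoking the target's loader, so it is unsafe on untrusted files.
populate_jail() {
    jail=$1
    shift
    for prog in "$@"; do
        bin=$(command -v "$prog") || { echo "missing: $prog" >&2; return 1; }
        copy_into_jail "$jail" "$bin" || return 1
        # ldd exits non-zero for static binaries; treat that as "no libs".
        for lib in $( (ldd "$bin" 2>/dev/null || true) | ldd_paths ); do
            copy_into_jail "$jail" "$lib" || return 1
        done
    done
}

# Usage (as root), one jail per project group; names are hypothetical:
#   populate_jail /srv/jails/group-a sh svn
#   chroot --userspec=build:build /srv/jails/group-a /bin/sh
# Entering as an unprivileged user matters: a process that keeps root
# inside a chroot can break out of it.
```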
