author | zer0def | 2020-11-05 10:38:49 +0100 |
---|---|---|
committer | zer0def | 2020-11-05 10:38:49 +0100 |
commit | 99c1affb4a768a7e49abc275f01a7c918a75ab8f (patch) | |
tree | aee39e5a4f0d85a3f97a6482b1f2981ad0272512 /kata-containers-guest.install | |
parent | 161ad664a34245d74f4f676cd0ce93c129f670c2 (diff) | |
download | aur-99c1affb4a768a7e49abc275f01a7c918a75ab8f.tar.gz |
Warn the user about security implications of the current image build process as-is
Diffstat (limited to 'kata-containers-guest.install')
-rw-r--r-- | kata-containers-guest.install | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/kata-containers-guest.install b/kata-containers-guest.install new file mode 100644 index 000000000000..66c817eb97ca --- /dev/null +++ b/kata-containers-guest.install @@ -0,0 +1,17 @@ +post_install() { + cat <<EOF + +Due to backflips made to be able to build the Kata guest image (not initrd!) +without root account access, rootfs has uid:gid of the builer's user account. + +This might have subtle security implications and if that's not acceptable, +the user could do one of the following: + +- alter the build process to use upstream's \`image_builder.sh\` to build + the image from rootfs created via \`pacman\`, with root priviledges +- use the \`-bin\`-suffixed package, containing upstream-built images + +By installing this package as-is, the user acknowledges this warning. + +EOF +} |
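Review bot: the warning is emitted only from `post_install()`, so a user who upgrades from an earlier build of this package never sees it. Adding a `post_upgrade()` that calls `post_install()` would cover that path. In the heredoc text, "subtle security implications" gives the reader nothing to act on; the line above it already states the fact (the rootfs carries the builder's uid:gid), so say directly that files inside the guest image are not owned by root and let the user judge the impact. The closing line "By installing this package as-is, the user acknowledges this warning." is printed after installation has finished, so it reads as consent the user had no chance to give; phrasing it as a notice would be more accurate. Two spelling fixes in the same block: "builer's" should be "builder's" and "priviledges" should be "privileges".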