[Python-Dev] cpython (3.2): Issue #11956: Skip test_import.test_unwritable_directory on FreeBSD when run as

Terry Reedy tjreedy at udel.edu
Sat Oct 8 01:19:44 CEST 2011


On 10/7/2011 6:18 AM, Glyph wrote:

To sum up what I believe is now the consensus from this thread:

1. Anyone setting up a buildslave should take care to invoke the build in an environment where an out-of-control buildbot, potentially executing arbitrarily horrible and/or malicious code, should not damage anything. Builders should always be isolated from valuable resources, although the specific mechanism of isolation may differ. A virtual machine is a good default, but may not be sufficient; other tools for cutting off the builder from the outside world would be chroot jails, Solaris zones, etc.

2. Code runs differently as privileged vs. unprivileged users.

My particular concern with testing as an unprivileged user comes from experience with too many (commercial, post-XP) Windows programs that only run correctly as admin (without an obvious good reason).

Therefore builders should be set up in both configurations, running the full test suite, to ensure that all code runs as expected in both configurations. Some tests, as the start of this thread indicates, must have some special logic to make sure they do or do not run, or run differently, in privileged vs. unprivileged configurations, but generally speaking most things should work in both places.

3. Access to root may provide access to slightly surprising resources, even within a VM (such as the ability to send spoofed IP packets, change the MAC address of even virtual Ethernet cards, etc.), and administrators should be aware that this is the case when configuring the host environment for a run-as-root builder. You don't want to end up with a compromised test VM that can snoop on your network.

-- Terry Jan Reedy
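
The "special logic" for tests that behave differently in privileged and unprivileged runs, sketched as an added example (not code from this thread or from CPython's test suite). The names `can_write_to_readonly_dir`, `UnwritableDirectoryTest` and `run_suite` are hypothetical; the probe checks actual behaviour instead of the user ID, so it also covers builders whose process holds an override capability without being uid 0.

```python
import os
import stat
import tempfile
import unittest

READ_ONLY = stat.S_IRUSR | stat.S_IXUSR  # r-x------ : owner may list, not write


def can_write_to_readonly_dir():
    """Return True if this process ignores directory permission bits.

    That is the case for root (or an equivalent override capability) and
    on platforms where chmod does not restrict file creation.
    """
    with tempfile.TemporaryDirectory() as parent:
        target = os.path.join(parent, "ro")
        os.mkdir(target)
        os.chmod(target, READ_ONLY)
        try:
            with open(os.path.join(target, "probe"), "w"):
                pass
            return True
        except PermissionError:
            return False
        finally:
            os.chmod(target, stat.S_IRWXU)  # restore so cleanup can delete it


class UnwritableDirectoryTest(unittest.TestCase):
    @unittest.skipIf(can_write_to_readonly_dir(),
                     "process bypasses directory permissions (privileged run)")
    def test_write_is_refused(self):
        with tempfile.TemporaryDirectory() as parent:
            target = os.path.join(parent, "ro")
            os.mkdir(target)
            os.chmod(target, READ_ONLY)
            try:
                with self.assertRaises(PermissionError):
                    open(os.path.join(target, "x"), "w")
            finally:
                os.chmod(target, stat.S_IRWXU)


def run_suite():
    """Run the test case and return the unittest result object."""
    loader = unittest.defaultTestLoader
    suite = loader.loadTestsFromTestCase(UnwritableDirectoryTest)
    return unittest.TextTestRunner(verbosity=0).run(suite)
```

A skip recorded on the run-as-root builder and a pass on the unprivileged builder are both expected outcomes; a failure on either one is the signal worth investigating.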


