[Python-Dev] cpython (3.2): Issue #11956: Skip test_import.test_unwritable_directory on FreeBSD when run as

Michael Foord fuzzyman at voidspace.org.uk
Sat Oct 8 02:13:45 CEST 2011 

On 08/10/2011 00:19, Terry Reedy wrote:
> On 10/7/2011 6:18 AM, Glyph wrote:
>
>> To sum up what I believe is now the consensus from this thread:
>>
>>  1. Anyone setting up a buildslave should take care to invoke the build
>>     in an environment where an out-of-control buildbot, potentially
>>     executing arbitrarily horrible and/or malicious code, should not
>>     damage anything. Builders should always be isolated from valuable
>>     resources, although the specific mechanism of isolation may differ.
>>     A virtual machine is a good default, but may not be sufficient;
>>     other tools for cutting of the builder from the outside world would
>>     be chroot jails, solaris zones, etc.
>>  2. Code runs differently as privileged vs. unprivileged users.
>
> My particular concern with testing as an unprivileged user comes from 
> experience with too many (commercial, post-XP) Windows programs that 
> only run correctly as admin (without an obvious good reason).

It would seem that for this use case it is more important that all tests 
pass when run as a *non-admin* user.

Michael
>
>>     Therefore builders should be set up in both configurations, running
>>     the full test suite, to ensure that all code runs as expected in
>>     both configurations. Some tests, as the start of this thread
>>     indicates, must have some special logic to make sure they do or do
>>     not run, or run differently, in privileged vs. unprivileged
>>     configurations, but generally speaking most things should work in
>>     both places.
>>  3. Access to root my provide access to slightly surprising resources,
>>     even within a VM (such as the ability to send spoofed IP packets,
>>     change the MAC address of even virtual ethernet cards, etc), and
>>     administrators should be aware that this is the case when
>>     configuring the host environment for a run-as-root builder. You
>>     don't want to end up with a compromised test VM that can snoop on
>>     your network.
>


-- 
http://www.voidspace.org.uk/

May you do good and not evil
May you find forgiveness for yourself and forgive others
May you share freely, never taking more than you give.
-- the sqlite blessing http://www.sqlite.org/different.html

More information about the Python-Dev mailing list