On 6/7/2018 22:47, Liam Girdwood wrote:
On Thu, 2018-06-07 at 20:33 +0800, Pan, Xiuli wrote:
We can't compromise security. Maybe the easiest thing is to make xtensa- build.sh
So even if we are running in a docker we could not make the NOPASSWD to make life easier. It only influence the docker container.
Yes, but what happens if we also use the container for security testing/fuzzing of FW/driver/alsa/userspace components ? Need to keep security consistent.
I think the docker is designed to make sure the host and container are isolated. This change just make password not needed for sudo. Actually the password for the docker user is just store in text in Dockerfile. I do not see any security issue here if we just make sudo without password
take a -l flag to install rimage to ~/bin and use this version.
Or maybe I will add a ENV in docker like export DOCKERRUN=1. The xtensa-build.sh then check the ENV, if it had the ENV then we install the rimage into ~/bin, otherwise the scripts goes like the normal way.
Adding -l to xtensa-build.sh will be easy, you can then make sure ~/bin is first in it's $PATH and then ./configure rimage --prexix=~/bin
Then we should run the scripts with a flag? I think the docker may be more complex then a native build environment. I just hope to keep the docker more easy to use.
Thanks Xiuli
Liam