On Fri, 2018-06-08 at 02:18 +0800, Pan, Xiuli wrote:
On 6/7/2018 22:47, Liam Girdwood wrote:
On Thu, 2018-06-07 at 20:33 +0800, Pan, Xiuli wrote:
We can't compromise security. Maybe the easiest thing is to make xtensa- build.sh
So even if we are running in a docker we could not make the NOPASSWD to make life easier. It only influence the docker container.
Yes, but what happens if we also use the container for security testing/fuzzing of FW/driver/alsa/userspace components ? Need to keep security consistent.
I think the docker is designed to make sure the host and container are isolated. This change just make password not needed for sudo. Actually the password for the docker user is just store in text in Dockerfile. I do not see any security issue here if we just make sudo without password
The point here is that the container must behave like a typical OS installation and follow the same rules/settings.
take a -l flag to install rimage to ~/bin and use this version.
Or maybe I will add a ENV in docker like export DOCKERRUN=1. The xtensa-build.sh then check the ENV, if it had the ENV then we install the rimage into ~/bin, otherwise the scripts goes like the normal way.
Adding -l to xtensa-build.sh will be easy, you can then make sure ~/bin is first in it's $PATH and then ./configure rimage --prexix=~/bin
Then we should run the scripts with a flag? I think the docker may be more complex then a native build environment. I just hope to keep the docker more easy to use.
Yes, we will run the script with a flag inside or outside of Docker. This is an easy change for xtensa-build.sh, because all you are doing is modifying --prefix for rimage and setting $PATH.
Liam
Thanks Xiuli
Liam
Sound-open-firmware mailing list Sound-open-firmware@alsa-project.org http://mailman.alsa-project.org/mailman/listinfo/sound-open-firmware