Issue 756996 link

Starred by 3 users

Issue metadata

Status:	Available
Owner:	----
Cc:	d...@chromium.org no...@chromium.org
Components:	Infra>Platform>Buildbucket
EstimatedDays:	----
NextAction:	----
OS:	----
Pri:	2
Type:	Feature

Kitchen should make the directories outside of the workdir read-only

Project Member Reported by phosek@chromium.org, Aug 18 2017

Issue description

We recently found out that one of our build scripts in Fuchsia was writing data into a directory outside of the source checkout (outside of workdir on bots). This issue wasn't caught on the bots because directories outside of workdir are currently writable, but there's no reason for them to be. Kitchen should make these directories read-only to catch these issues.

Comment 1 by no...@chromium.org, Aug 18 2017

Cc: d...@chromium.org
Labels: -Restrict-View-Google Pri-2 Type-Feature
Status: Available (was: Untriaged)

this is a good idea, marking it as p2 (we want this)

Comment 2 by no...@chromium.org, Jun 22 2018

Components: Infra>Platform>Buildbucket

Comment 3 by no...@chromium.org, Jun 22 2018

Components: -Infra>Platform>Buildbucket>Swarmbucket

►

Issue 756996 link

Issue metadata

Kitchen should make the directories outside of the workdir read-only

Issue description

Comment 1 by no...@chromium.org, Aug 18 2017

Comment 1 Deleted

Comment 2 by no...@chromium.org, Jun 22 2018

Comment 2 Deleted

Comment 3 by no...@chromium.org, Jun 22 2018

Comment 3 Deleted

Sign in to add a comment