d3ae6f6 [rpmbuild] make_srpm: don't use --private-users=pick

Authored and Committed by praiskup 2 years ago
    [rpmbuild] make_srpm: don't use --private-users=pick
    Even though --private-users=pick **is** the "recommended" settings
    (per man systemd-nspawn), let's use the default
    (--private-users=true) setup for user namespaces.
    First, this is needed at least till [1] is merged, and/or
    systemd-nspawn is fixed to behave differently.
    Second, there's no point to treat make_srpm differently from other
    srpm methods, or even from RPM building.  If the security was a
    concern here, we should use '--private-users=pick' everywhere in
    mock by default.  Or ideally we shouldn't even grant the user the
    root access inside the container at all (might be done in #534).
    [1] https://github.com/rpm-software-management/mock/pull/265
file modified
+1 -1