• Michael Shigorin's avatar
    build-vm: try system tar2fs first · f293239d
    Michael Shigorin authored
    It's at least removing the very obvious user->root
    attack through (maliciously) modifying bin/tar2fs
    and waiting for it to be run; if mkimage-profiles
    is installed system-wide as a package, the script
    from /usr/share/mkimage-profiles will be tried so
    those willing to allow vm/* build to themselves
    can provide for a passwordless sudo (as described
    in doc/vm.txt) to run a root-only writable script,
    not user-writable.
    
    Still not perfect but a step away from the abyss.
    f293239d