CVS commit by matz: 

Don't allow non-chroot-able daemons to connect without cmdline option.
And don't give them out as compile hosts.


  M +17 -1     scheduler.cpp   1.150


--- kdenonbeta/icecream/icecream/services/scheduler.cpp  #1.149:1.150
@@ -131,5 +131,5 @@ public:
   CS (struct sockaddr *_addr, socklen_t _len)
     : Service(_addr, _len), load(1000), max_jobs(0), state(CONNECTED),
-      type(UNKNOWN) {
+      type(UNKNOWN), chroot_possible(false) {
     hostid = 0;
     busy_installing = 0;
@@ -145,4 +145,5 @@ public:
   enum {CONNECTED, LOGGEDIN} state;
   enum {UNKNOWN, CLIENT, DAEMON, MONITOR, LINE} type;
+  bool chroot_possible;
   static unsigned int hostid_counter;
 };
@@ -604,4 +605,5 @@ pick_server(Job *job)
           trace() << "no job stats - looking at " << ( *it )->nodename << " load: " << (*it )->load << " can install: " << can_install( *it, job ) << endl;
           if (int( (*it)->joblist.size() ) < (*it)->max_jobs
+              && (*it)->chroot_possible
               && (*it)->load < 1000 && can_install( *it, job ).size() )
             {
@@ -656,4 +658,12 @@ pick_server(Job *job)
       }
 
+      /* Don't use non-chroot-able daemons for remote jobs.  XXX */
+      if (!cs->chroot_possible)
+        {
+          trace() << cs->nodename << " can't use chroot\n";
+          continue;
+        }
+         
+
 #if DEBUG_SCHEDULER > 1
       trace() << cs->nodename << " compiled " << cs->last_compiled_jobs.size() << " got now: " <<
@@ -850,4 +860,9 @@ handle_login (MsgChannel *c, Msg *_m)
     return false;
 
+  /* If we don't allow non-chroot-able daemons in the farm,
+     discard them here.  */
+  if (!allow_run_as_user && !m->chroot_possible)
+    return false;
+
   CS *cs = static_cast<CS *>(c->other_end);
   cs->remote_port = m->port;
@@ -859,4 +874,5 @@ handle_login (MsgChannel *c, Msg *_m)
     cs->nodename = cs->name;
   cs->host_platform = m->host_platform;
+  cs->chroot_possible = m->chroot_possible;
   cs->pick_new_id();
   handle_monitor_stats( cs );