Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 356320 Details for
Bug 481450
sys-apps/portage: FEATURES=network-sandbox to unshare() networking in ebuilds
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
2. Add FEATURES=network-sandbox
0002-Disable-networking-only-if-FEATURES-network-sandbox.patch (text/plain), 2.57 KB, created by
Michał Górny
on 2013-08-17 20:16:42 UTC
(
hide
)
Description:
2. Add FEATURES=network-sandbox
Filename:
MIME Type:
Creator:
Michał Górny
Created:
2013-08-17 20:16:42 UTC
Size:
2.57 KB
patch
obsolete
>From 4ca1f0db91cf72340ee07d8cd4225443acedd17b Mon Sep 17 00:00:00 2001 >From: =?UTF-8?q?Micha=C5=82=20G=C3=B3rny?= <mgorny@gentoo.org> >Date: Sat, 17 Aug 2013 20:18:35 +0200 >Subject: [PATCH 2/4] Disable networking only if FEATURES=network-sandbox. > >--- > man/make.conf.5 | 4 ++++ > pym/portage/const.py | 3 ++- > pym/portage/package/ebuild/doebuild.py | 2 +- > 3 files changed, 7 insertions(+), 2 deletions(-) > >diff --git a/man/make.conf.5 b/man/make.conf.5 >index 63e2097..461172c 100644 >--- a/man/make.conf.5 >+++ b/man/make.conf.5 >@@ -415,6 +415,10 @@ isn't a symlink to /usr/lib64. To find the bad packages, we have a > portage feature called \fImultilib\-strict\fR. It will prevent emerge > from putting 64bit libraries into anything other than (/usr)/lib64. > .TP >+.B network\-sandbox >+Isolate the ebuild phase functions from host network interfaces. >+Supported only on Linux. Requires network namespace support in kernel. >+.TP > .B news > Enable GLEP 42 news support. See > \fIhttp://www.gentoo.org/proj/en/glep/glep-0042.html\fR. >diff --git a/pym/portage/const.py b/pym/portage/const.py >index bd55cb1..cde0079 100644 >--- a/pym/portage/const.py >+++ b/pym/portage/const.py >@@ -104,7 +104,8 @@ SUPPORTED_FEATURES = frozenset([ > "fail-clean", "force-mirror", "force-prefix", "getbinpkg", > "installsources", "keeptemp", "keepwork", "fixlafiles", "lmirror", > "merge-sync", >- "metadata-transfer", "mirror", "multilib-strict", "news", >+ "metadata-transfer", "mirror", "multilib-strict", >+ "network-sandbox", "news", > "noauto", "noclean", "nodoc", "noinfo", "noman", > "nostrip", "notitles", "parallel-fetch", "parallel-install", > "prelink-checksums", "preserve-libs", >diff --git a/pym/portage/package/ebuild/doebuild.py b/pym/portage/package/ebuild/doebuild.py >index 59a0474..a35e717 100644 >--- a/pym/portage/package/ebuild/doebuild.py >+++ b/pym/portage/package/ebuild/doebuild.py >@@ -1460,7 +1460,7 @@ def spawn(mystring, mysettings, debug=0, free=0, droppriv=0, sesandbox=0, fakero > features = mysettings.features > > # Unshare network namespace to keep ebuilds sanitized >- if not networked and uid == 0 and platform.system() == 'Linux': >+ if not networked and uid == 0 and platform.system() == 'Linux' and "network-sandbox" in features: > keywords['unshare_net'] = True > > # TODO: Enable fakeroot to be used together with droppriv. The >-- >1.8.3.2 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=356320">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 481450
:
356282
| 356320 |
356322
|
356324
