@@ -, +, @@ #548710 --- man/make.conf.5 | 4 ++++ pym/portage/const.py | 1 + pym/portage/package/ebuild/doebuild.py | 3 ++- 3 files changed, 7 insertions(+), 1 deletion(-) --- a/man/make.conf.5 +++ a/man/make.conf.5 @@ -463,6 +463,10 @@ from putting 64bit libraries into anything other than (/usr)/lib64. .B network\-sandbox Isolate the ebuild phase functions from host network interfaces. Supported only on Linux. Requires network namespace support in kernel. +.TP +.B network\-sandbox\-proxy +Enable escaping network-sandbox through SOCKSv5 proxy. Enabling distcc +feature also enables the proxy. If asyncio Python module is available (requires Python 3.3, built-in since Python 3.4) Portage will additionally spawn an isolated SOCKSv5 --- a/pym/portage/const.py +++ a/pym/portage/const.py @@ -158,6 +158,7 @@ SUPPORTED_FEATURES = frozenset([ "mirror", "multilib-strict", "network-sandbox", + "network-sandbox-proxy", "news", "noauto", "noclean", --- a/pym/portage/package/ebuild/doebuild.py +++ a/pym/portage/package/ebuild/doebuild.py @@ -1505,7 +1505,8 @@ def spawn(mystring, mysettings, debug=False, free=False, droppriv=False, keywords['unshare_net'] = not networked keywords['unshare_ipc'] = not ipc - if not networked and mysettings.get("EBUILD_PHASE") != "nofetch": + if not networked and mysettings.get("EBUILD_PHASE") != "nofetch" and \ + ("network-sandbox-proxy" in features or "distcc" in features): # Provide a SOCKS5-over-UNIX-socket proxy to escape sandbox # Don't do this for pkg_nofetch, since the spawn_nofetch # function creates a private PORTAGE_TMPDIR. --
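Review bot: The `"distcc" in features` arm of the new condition in spawn() turns the SOCKSv5 proxy on for every sandboxed phase except nofetch. A user who set both network-sandbox and distcc therefore gets an escape path without ever opting in to network-sandbox-proxy. Nothing in the hunk ties the proxy to distcc itself, so presumably any process the phase runs can connect through it. If that coupling is intended, state it above the condition, e.g. `# distcc implies the proxy (presumably to reach its remote hosts); any process in the phase can use the socket, so network-sandbox no longer isolates the build`. The backslash continuation can be dropped by wrapping the whole condition in parentheses. `features` is defined outside the hunk and spawn()'s body continues past it, so whether the proxy could be limited to the phases that actually compile cannot be judged from here.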