Summary: | [Future EAPI] Support RESTRICT=usersandbox | ||
---|---|---|---|
Product: | Gentoo Hosted Projects | Reporter: | Peter Levine <plevine457> |
Component: | PMS/EAPI | Assignee: | PMS/EAPI <pms> |
Status: | RESOLVED INVALID | ||
Severity: | normal | CC: | mgorny, plevine457 |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | | Runtime testing required: | ---
Description
Peter Levine
2023-01-21 06:01:30 UTC
Note that PMS doesn't cover sandbox restriction at all: https://dev.gentoo.org/~ulm/pms/head/pms.html#section-7.3.6. It's a Portageism.

I see. It used to be a part of PMS (https://bugs.gentoo.org/161045) and given that the PMS already includes a 'Sandbox commands' section, it seems strange not to either sever it off completely or support it fully.

The majority of "problems involving sandbox" are due to the specific sandbox implementation (and often even sandbox version) rather than the general idea of restricting filesystem access. General "restrict sandbox" is a bad idea because it prevents people from using a better implementation in the future (e.g. sydbox that's based on ptrace or fusebox that's based on FUSE).

I see.
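The discussion above treats RESTRICT=usersandbox as a Portage-specific token rather than something PMS defines. A practical consequence for anyone auditing a tree is that sandbox opt-outs are only visible by reading RESTRICT in each ebuild. The following POSIX shell script is an added example, not code from the bug report, from PMS or from Portage: it extracts the RESTRICT value of an ebuild (including multi-line and USE-conditional forms) and reports the Portage tokens that disable a sandbox. The token set (sandbox, usersandbox, network-sandbox) and the sample ebuild it writes are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example (not from the bug, PMS or Portage): find ebuilds whose RESTRICT
# opts out of the build sandbox. The token names checked here are the Portage
# RESTRICT values "sandbox", "usersandbox" and "network-sandbox"; PMS itself
# specifies none of them, which is what the bug above is about.

# Write a constructed sample ebuild to the path in $1. The RESTRICT line mixes
# a plain token with a USE-conditional group, as real ebuilds do.
sample_ebuild() {
    cat > "$1" <<'EOF'
EAPI=8
DESCRIPTION="constructed sample, not a real package"
SLOT="0"
IUSE="test"
RESTRICT="usersandbox
    !test? ( test )"
EOF
}

# Print the raw value of the last RESTRICT assignment in the ebuild at $1,
# with newlines collapsed so multi-line assignments are handled.
restrict_value() {
    tr '\n' ' ' < "$1" | sed -n "s/.*RESTRICT=[\"']\([^\"']*\)[\"'].*/\1/p"
}

# Print, one per line, every sandbox-related token in RESTRICT, skipping the
# USE-conditional syntax ("flag? (" and ")") so that conditionally restricted
# sandboxes are still reported. Exit status 0 when at least one token is found,
# 1 otherwise, so the function doubles as a test in a scan loop.
sandbox_optouts() {
    found=1
    for tok in $(restrict_value "$1"); do
        case "$tok" in
            *\?|\(|\)) continue ;;                       # USE-conditional syntax
            sandbox|usersandbox|network-sandbox)
                printf '%s\n' "$tok"; found=0 ;;
        esac
    done
    return "$found"
}

# Demo: scan a directory of ebuilds and report the sandbox opt-outs.
tmp=$(mktemp -d)
sample_ebuild "$tmp/sample-1.0.ebuild"
for eb in "$tmp"/*.ebuild; do
    if out=$(sandbox_optouts "$eb"); then
        printf '%s: %s\n' "$eb" "$(printf '%s' "$out" | tr '\n' ' ')"
    fi
done
rm -rf "$tmp"
```

Run it against a real tree by replacing the demo loop with `find /var/db/repos -name '*.ebuild'`; the exit status of `sandbox_optouts` makes it usable directly in `find -exec` or a `while read` loop, and the USE-conditional handling means a package that only drops the sandbox under some USE flag is still listed.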