Mike Kelly <[EMAIL PROTECTED]> posted [EMAIL PROTECTED], excerpted below, on Fri, 15 Dec 2006 18:56:58 -0500:
> Marijn Schouten wrote:
>> 3) security. When installing a package, it only has write access to its
>> own directory. I'm guessing they do this with ACLs.
>>
>> So we have this cool package manager which supports 1) and 2), but not
>> 3) I think, and they have almost no package manager, but it supports 1),
>> 2) and 3).
>
> Gentoo has this feature, too. It's provided by a package called
> sys-apps/sandbox. It's a dependency of portage on all glibc and uclibc
> systems (so, it's part of any standard Gentoo/Linux install). It
> prevents packages from touching anything outside of their build
> directory, or an image directory where it is installed before portage
> merges the files into the live filesystem.

As I understand GOBO Linux, however, the way they do it is a bit different. Since they install all of a package to the same place -- its own dir, not mixed up with files from other packages in a public dir -- when he said it can only write to its own dir as it installs, that's literally what he /meant/, it can write to /that/ /dir/ and /nowhere/ else. GOBO is one of the few Linuxes that has that, because the way it installs stuff is so very different than traditional *ix, including Gentoo Linux.

OTOH, that means config files and data files and executables and libraries and icons and .desktop files and all the rest that might get installed by the package is all in the same dir, no separation of executables from config from data. A traditional *ix or even normal Linux admin would be driven to distraction with that sort of arrangement, and it's little wonder none of the Gentoo devs seem the least bit interested. It does have its own kind of logic, but it's so different from regular *ix logic, few *ix heads will consider it even worth their time to think about.

--
Duncan - List replies preferred. No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master." Richard Stallman

--
gentoo-dev@gentoo.org mailing list