On Thu, 2007-01-11 at 09:07 +0900, Georgi Georgiev wrote:
> Further, by adopting ACCEPT_RESTRICT, it would be possible to be able to say:
> ACCEPT_RESTRICT=-sandbox: Do not let any ebuild touch anything outside
> the sandbox.
> ACCEPT_RESTRICT=-userpriv: Do not let any ebuild run with elevated privileges.

Exactly.

Currently, it's read like this:

FEATURES, RESTRICT

What we're proposing is this:

FEATURES, RESTRICT, ACCEPT_RESTRICT

Imagine you have userpriv in FEATURES. If an ebuild has RESTRICT=userpriv, it *WILL* disable userpriv, no matter what the user does. Adding ACCEPT_RESTRICT allows the user to not list userpriv (or -userpriv if userpriv is on by default) and the ebuild WILL NOT RUN if it requires userpriv be disabled.

-- 
Chris Gianelloni
Release Engineering Strategic Lead
Alpha/AMD64/x86 Architecture Teams
Games Developer/Council Member/Foundation Trustee
Gentoo Foundation
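As an added illustration (not code from the thread or from Portage), a small Python model of the two orderings described in the mail: today's FEATURES then RESTRICT, and the proposed FEATURES, RESTRICT, ACCEPT_RESTRICT. The token grammar assumed for ACCEPT_RESTRICT ("*", "name", "-name") is an assumption, since the mail does not spell one out.

```python
# Added model of FEATURES -> RESTRICT -> ACCEPT_RESTRICT as described in the mail.
# Assumed grammar for ACCEPT_RESTRICT (the thread does not spell one out): space-separated
# tokens; "*" accepts every restriction, "name" accepts one, "-name" refuses one, refusal wins.
from dataclasses import dataclass


@dataclass(frozen=True)
class Decision:
    run: bool              # may the ebuild be built at all?
    features: frozenset    # FEATURES in effect during the build, if it runs
    refused: frozenset     # RESTRICT entries the user would not accept


def tokens(value: str) -> frozenset:
    """Split a space-separated variable such as FEATURES or RESTRICT into names."""
    return frozenset(value.split())


def current_behaviour(features: str, restrict: str) -> Decision:
    """Today's ordering (FEATURES, RESTRICT): the ebuild's RESTRICT silently
    switches the feature off, e.g. userpriv or sandbox, and the build goes ahead."""
    return Decision(True, tokens(features) - tokens(restrict), frozenset())


def refused_restrictions(restrict: str, accept_restrict: str) -> frozenset:
    """RESTRICT entries that ACCEPT_RESTRICT does not accept (see grammar above)."""
    accepted, refused = set(), set()
    for tok in accept_restrict.split():
        (refused if tok.startswith("-") else accepted).add(tok.lstrip("-"))
    return frozenset(
        name for name in tokens(restrict)
        if name in refused or not (name in accepted or "*" in accepted)
    )


def proposed_behaviour(features: str, restrict: str, accept_restrict: str) -> Decision:
    """Proposed ordering (FEATURES, RESTRICT, ACCEPT_RESTRICT): an ebuild that
    requires a restriction the user refuses does not run and the user's FEATURES
    stay untouched; otherwise the result is the same as today."""
    refused = refused_restrictions(restrict, accept_restrict)
    if refused:
        return Decision(False, tokens(features), refused)
    return Decision(True, tokens(features) - tokens(restrict), frozenset())


if __name__ == "__main__":
    # Constructed scenario: user builds sandboxed and unprivileged; ebuild says RESTRICT=userpriv.
    print(current_behaviour("sandbox userpriv", "userpriv"))
    print(proposed_behaviour("sandbox userpriv", "userpriv", "* -userpriv"))
```

With today's ordering the first call reports a build that silently drops userpriv; with the proposed ordering the second call refuses to run the ebuild and leaves the user's FEATURES intact.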