On Tue, Feb 11, 2014 at 7:39 AM, Michael Palimaka <kensing...@gentoo.org> wrote: > On 02/11/2014 11:34 PM, Rich Freeman wrote: > >> One of those ideas I've always wanted to implement is to create a >> portage hook/patch that looks at the dependencies for the package >> being built and configures sandbox to block read-access to anything >> that wasn't explicitly declared. Sandbox works for read-access as >> well as write-access, though in /etc/sandbox.d/00default read-access >> is enabled everywhere by default. >> >> And, yes, it could be configured to allow access to @system... > That's pretty much what emerge_strict does.
What is emerge_strict? The Google is failing me here... Rich