On Fri, Apr 06, 2018 at 11:28:58AM -0400, William L. Thomson Jr. wrote:
> On Fri, 6 Apr 2018 14:10:51 +0900 Carsten Haitzler (The Rasterman) 
> <ras...@rasterman.com> wrote:
> > limiting your sandbox from
> > accessing XDG_RUNTIME_DIR is probably a very bad idea, because this
> > is the standard "xdg" location for any run-time files. sockets or any
> > other relevant "only around during runtime of a users log in session"
> > files (thus they are not expected to persist and this dir and it not
> > shared between users etc.) :)

Well, it's not quite that simple during package builds.  Debian has a
similar policy because users may build packages outside of a chroot.
If the build process writes outside of the build dir, this could mess
with their real home dirs.

I imagine the Gentoo motivation is the same.

> This is during build, nothing is running. Also this violates Gentoo
> distro specific build policies.
> 
> "All packages must build correctly when sandbox is active. "
> https://devmanual.gentoo.org/general-concepts/sandbox/

Solution is to run WITH XDG_RUNTIME_DIR and HOME set to a temp dir:
https://sources.debian.org/src/efl/1.20.7-4/debian/fake_home.sh/

Example use:
https://sources.debian.org/src/efl/1.20.7-4/debian/rules/#L62

> Seems like something does need to be fixed.

Yes - the build environment!

Ross

Attachment: signature.asc
Description: PGP signature

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
enlightenment-devel mailing list
enlightenment-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/enlightenment-devel

Reply via email to