Ciaran McCreesh yazmış: > On Wed, 26 Aug 2009 01:09:20 +0300 > Ali Polatel <[email protected]> wrote: > > To do this we have to take ports into account as well but that's easy. > > What do you think? > > Can you let it connect only to ports that it itself is listening on? I > can't think of any obvious reason tests should be allowed to talk to > anything else. >
In my opinion the easiest and cleanest way to implement this is network whitelisting. Which may work like: sydboxcmd net/deny # somewhere in ebuild.bash sydboxcmd net/whitelist/127.0.0.1:80 # in for example src_test which means we'll deny all network connections by default and let the exheres author allow them as she/he wishes. What do you think? -- Regards, Ali Polatel
pgpy4xv1u27qY.pgp
Description: PGP signature
_______________________________________________ Exherbo-dev mailing list [email protected] http://lists.exherbo.org/mailman/listinfo/exherbo-dev
