Quoting Jakub Moc <[EMAIL PROTECTED]>:
Georgi Georgiev napsal(a):
I looked at the diff and it replaces export SANDBOX_ON=0 with
RESTRICT="sandbox". It seems that the problem is older than that
revision.
No, the gcl problem didn't exist until vapier "fixed" the ebuild. I
still fail to see why RESTRICT=sandbox is any better than the
undocumented `export SANDBOX_ON=0` hack (which basically shouldn't be
used anywhere in the tree anyway, ideally)...
Alright, I don't know what the "problem" is in your opinion, but the
way I see it is that the ebuild wants to touch stuff outside the
sandbox and *that* is the problem. There were obviously two solutions,
well, workarounds -- an undocumented variable and the RESTRICT.
*Neither* one is better than the other. What vapier did was make the
problem visible, which doesn't mean that he introduced it.
Further, by adopting ACCEPT_RESTRICT, it would be possible to be able to say:
ACCEPT_RESTRICT=-sandbox: Do not let any ebuild touch anything outside
the sandbox.
ACCEPT_RESTRICT=-userpriv: Do not let any ebuild run with elevated privileges.
----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
--
[email protected] mailing list
