On Fri, Sep 14, 2012 at 12:12 PM, Rick "Zero_Chaos" Farina <[email protected]> wrote:
> I didn't mean to pick on bzr.eclass, I think it's always wrong to do
> this. And you picked out the exact reasoning I did "I'm not sure if it
> would be worth the effort to compute a more accurate argument for
> addwrite." I think it is worth the effort to do it right. I mean
> (purposeful exaggeration here) we could save the addwrite entirely by
> just "killall sandbox" or we could prevent from reoccurring by
> restricting the sandbox feature. Any time you do "addwrite /" you
> completely defeat the entire purpose of sandbox. It's not write (get it?).
>
> I'm not saying this is an emergency nor should it hold back any changes
> you need to make to argue with me about it. However, if you were to do
> it right that would be cool. Otherwise we could all start fixing our
> sandbox issues by just doing "addwrite /" at the top of all ebuilds.
>
The sandbox is mostly useful to prevent build systems from messing with the live system without the developer's knowledge. It is perfectly reasonable to disable the sandbox for a single mkdir call that we have direct control over.
