On Tue, 16.01.2018 at 23:32 -0500, Mike Gilbert wrote:
> On Tue, Jan 16, 2018 at 4:46 PM, Mike Frysinger <vap...@gentoo.org> wrote:
> > From: Mike Frysinger <vap...@chromium.org>
> > 
> > Some ebuilds are a bit hard to fix their use of the network in src
> > phases, so allow them to disable things.  This allows us to turn off
> > access by default and for the vast majority while we work out how to
> > fix the few broken packages.
> 
> If we are going to allow network sandboxing to be disabled in
> individual ebuilds, we should also allow the other sandboxes to be
> disabled for the same reasons. sys-apps/sandbox has been notoriously
> buggy, for example.
> 
> Also, valid RESTRICT values are specified in PMS, so this really
> belongs in a new EAPI.

As long as this isn't used in ::gentoo, I don't mind. However, for
completeness I should point out that:

a. you should be addressing the root issue and not bashing with a big
'sandbox' hammer whenever something fails -- i.e. if the problem is due
to LD_PRELOAD being used (which is frequently the case), then
the solution is to wipe LD_PRELOAD,

b. you should be addressing it in as narrow a scope as possible -- i.e. it
is usually enough to disable sandbox for the execution of a single
command rather than the whole ebuild.

That said, app-portage/unsandbox is a much cleaner solution here.

-- 
Best regards,
Michał Górny

