It is well known that Gentoo builds packages in a sandbox environment. It 
protects from badly written build scripts [1] as well as some other threats.

I suggest that ArchLinux can build packages in such a sandbox, and this 
behavior can be easily configured via makepkg.conf.

It seems that sandbox and lib32-sandbox, ported from Gentoo in the AUR, work fine on 
Arch. [2] So why doesn't Arch build packages in a sandbox? I admit that sandbox is 
not always safe, but it does protect.



Notes:
[1]:
scripts like this: `rm -Rf ${pkgdirr}/home`
since `${pkgdirr}` is mistyped, it becomes `rm -Rf /home`

[2]:
https://aur.archlinux.org/packages/sandbox/
... and https://aur.archlinux.org/packages/lib32-sandbox/

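The failure mode from note [1], reproduced as an added example that is not part of the original post and not makepkg's or Arch's code: a dry run of a `package()`-style step in which `pkgdirr` is a typo for makepkg's real `$pkgdir`, so the path collapses to `/home`, next to the same step under `set -u`, which refuses to expand the unset name. The functions only print the `rm` command they would have run; the directory `/tmp/build-root` is a made-up stand-in for the real `$pkgdir`. This is a script-side check, not a substitute for the build sandbox the post proposes; it catches the typo earlier, the sandbox catches whatever the script does next.

```shell
#!/bin/sh
# Added example, not from the post or from makepkg. Nothing here deletes
# anything: every function echoes the command an rm would have received.

# In a real build the misspelled name is simply never set; make sure of it.
unset pkgdirr

# The step as written in the post: "pkgdirr" is a typo for $pkgdir, expands
# to the empty string, and the command becomes "rm -Rf /home".
buggy_package() {
    pkgdir="$1"                       # what makepkg would have set
    echo rm -Rf "${pkgdirr}/home"     # typo: pkgdirr (unset), not pkgdir
}

# What the author meant: the path stays inside the fake build root.
correct_package() {
    pkgdir="$1"
    echo rm -Rf "${pkgdir}/home"
}

# Same buggy line under "set -u": expanding an unset name is a fatal error,
# so the subshell dies (non-zero status) before any rm command is formed.
# The subshell keeps -u from leaking into the caller's shell.
strict_package() {
    pkgdir="$1"
    (
        set -u
        echo rm -Rf "${pkgdirr}/home"   # aborts here: pkgdirr is unbound
    ) 2>/dev/null
}

# Stand-alone demonstration.
printf 'buggy:   %s\n' "$(buggy_package /tmp/build-root)"
printf 'correct: %s\n' "$(correct_package /tmp/build-root)"
if strict_package /tmp/build-root; then
    echo "strict:  unexpectedly succeeded"
else
    echo "strict:  refused (pkgdirr is unbound under set -u)"
fi
```

The per-expansion form `"${pkgdir:?pkgdir is not set}"` gives the same refusal for a single variable when a script cannot enable `set -u` globally.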