1 |
On Thu, 11 Jan 2007 09:07:54 +0900 Georgi Georgiev <chutz@×××.net> |
2 |
wrote: |
3 |
| Further, by adopting ACCEPT_RESTRICT, it would be possible to be able |
4 |
| to say: ACCEPT_RESTRICT=-sandbox: Do not let any ebuild touch |
5 |
| anything outside the sandbox. |
6 |
| ACCEPT_RESTRICT=-userpriv: Do not let any ebuild run with elevated |
7 |
| privileges. |
8 |
|
9 |
Which gains what, exactly? These are not things about which the end |
10 |
user should be concerned. |
11 |
|
12 |
-- |
13 |
Ciaran McCreesh |
14 |
Mail : ciaranm at ciaranm.org |
15 |
Web : http://ciaranm.org/ |
16 |
Paludis, the secure package manager : http://paludis.pioto.org/ |