1 |
Dnia 2015-01-21, o godz. 11:05:34 |
2 |
Michał Górny <mgorny@g.o> napisał(a): |
3 |
|
4 |
> Generic proxy solution |
5 |
> ---------------------- |
6 |
> |
7 |
> The simplest solution so far seems to be setting a generic SOCKS proxy |
8 |
> inside the build environment, and wrapping distcc so that it will use |
9 |
> it for network access. |
10 |
> |
11 |
> Unless we do some extra magic which don't want to do, this means that |
12 |
> other apps can also abuse the proxy to reach outside sandbox. However, |
13 |
> network-sandbox is not really a security feature, so I don't think that |
14 |
> is important. At least as long as we don't export it globally :). |
15 |
> |
16 |
> Of course, software is a problem. We'd need at least some SOCKS server |
17 |
> for Portage (at least a very simple one), and as far as I'm aware |
18 |
> distcc does not support SOCKS directly, so tsocks in addition to that. |
19 |
|
20 |
So finally went this way instead. I've implemented a simple SOCKSv5 |
21 |
server over UNIX sockets [1] and wrote a patch adding SOCKSv5 support |
22 |
to distcc [2,3]. With the two patches, everything works perfectly for |
23 |
me :). |
24 |
|
25 |
[1]:http://article.gmane.org/gmane.linux.gentoo.portage.devel/5142 |
26 |
[2]:https://code.google.com/p/distcc/issues/detail?id=149 |
27 |
[3]:https://bugs.gentoo.org/show_bug.cgi?id=537616 |
28 |
|
29 |
-- |
30 |
Best regards, |
31 |
Michał Górny |