| 1 |
Dnia 2015-01-21, o godz. 11:05:34 |
| 2 |
Michał Górny <mgorny@g.o> napisał(a): |
| 3 |
|
| 4 |
> Generic proxy solution |
| 5 |
> ---------------------- |
| 6 |
> |
| 7 |
> The simplest solution so far seems to be setting a generic SOCKS proxy |
| 8 |
> inside the build environment, and wrapping distcc so that it will use |
| 9 |
> it for network access. |
| 10 |
> |
| 11 |
> Unless we do some extra magic which don't want to do, this means that |
| 12 |
> other apps can also abuse the proxy to reach outside sandbox. However, |
| 13 |
> network-sandbox is not really a security feature, so I don't think that |
| 14 |
> is important. At least as long as we don't export it globally :). |
| 15 |
> |
| 16 |
> Of course, software is a problem. We'd need at least some SOCKS server |
| 17 |
> for Portage (at least a very simple one), and as far as I'm aware |
| 18 |
> distcc does not support SOCKS directly, so tsocks in addition to that. |
| 19 |
|
| 20 |
So finally went this way instead. I've implemented a simple SOCKSv5 |
| 21 |
server over UNIX sockets [1] and wrote a patch adding SOCKSv5 support |
| 22 |
to distcc [2,3]. With the two patches, everything works perfectly for |
| 23 |
me :). |
| 24 |
|
| 25 |
[1]:http://article.gmane.org/gmane.linux.gentoo.portage.devel/5142 |
| 26 |
[2]:https://code.google.com/p/distcc/issues/detail?id=149 |
| 27 |
[3]:https://bugs.gentoo.org/show_bug.cgi?id=537616 |
| 28 |
|
| 29 |
-- |
| 30 |
Best regards, |
| 31 |
Michał Górny |
Archives