| 1 |
On Wed, Feb 27, 2008 at 06:19:39PM -0600, Jeremy wrote: |
| 2 |
|
| 3 |
>> I'm afraid not, because when installing as user michael dosbin can't |
| 4 |
>> chown a file to root:amanda and chmod it 1750. I'd have to fix |
| 5 |
>> permissions manually all the time. |
| 6 |
|
| 7 |
> Support for serveice scripts or daemons that run as root are not currently |
| 8 |
> supported. See bug #196294 if you would like to contribute. the baselayout |
| 9 |
> version in prefix is really old and needs alot of work. |
| 10 |
|
| 11 |
Since Mac OS X now consistently uses launchd, which is hugely different |
| 12 |
from sysvinit/inetd, I expected and accepted that. I'm looking for |
| 13 |
root-safeness. |
| 14 |
|
| 15 |
I'll have a go this evening at: |
| 16 |
|
| 17 |
- compiling as root and seeing if the resulting permissions are sensible |
| 18 |
- compiling as root and looking into preventing files outside of |
| 19 |
$EPREFIX being overwritten |
| 20 |
|
| 21 |
I realised that fink doesn't do the second part either, so it's not that |
| 22 |
much of a showstopper if prefix-portage doesn't do it. But it'd sure be |
| 23 |
nice to have. |
| 24 |
|
| 25 |
I also realised that sandbox might be Linux-specific and therefore take |
| 26 |
a lot of effort to port to Mac OS X. A first step might be for emerge to |
| 27 |
refuse placing files outside of $EPREFIX. This wouldn't catch broken |
| 28 |
make install scripts overwriting /bin/bash but would catch broken |
| 29 |
ebuilds compiling for /bin/bash instead of $EPREFIX/bin/bash. |
| 30 |
|
| 31 |
How might FEATURES="userpriv" help here, d'you think? |
| 32 |
-- |
| 33 |
Micha |
| 34 |
-- |
| 35 |
gentoo-alt@l.g.o mailing list |
Archives