1 |
I grepped through portage today and it appears that there are a large |
2 |
number of ebuilds that abuse addwrite in bad (potentially dangerous) ways. |
3 |
|
4 |
I'll spare the list at this time and ask that anyone maintaining such an |
5 |
ebuild *please* try to fix it (patch, bug upstream, etc) so that it |
6 |
isn't required. This is both for the safety of gentoo users and for |
7 |
security. |
8 |
|
9 |
Pebenito has also started work on an SELinux based sandbox (does the |
10 |
same thing as sandbox, just limits it using SELinux domains for SELinux |
11 |
users). Since it wouldn't have the ability to do these arbitrary rule |
12 |
additions all these ebuilds would fail. |
13 |
|
14 |
Thanks |
15 |
|
16 |
Joshua Brindle |
17 |
|
18 |
-- |
19 |
gentoo-dev@g.o mailing list |