| 1 |
On Thu, 15 May 2014 16:48:24 +0100 |
| 2 |
Ciaran McCreesh <ciaran.mccreesh@××××××××××.com> wrote: |
| 3 |
|
| 4 |
> Sandboxing isn't about security. It's about catching mistakes. |
| 5 |
|
| 6 |
Ciaran has a point here. Thomas, you assumed that network-sandbox is |
| 7 |
the only thing stopping an ebuild from accessing local services or the |
| 8 |
internet. However, even with network-sandbox being enabled such |
| 9 |
behaviour would still constitue a major bug which would be fixed by the |
| 10 |
devs. |
| 11 |
|
| 12 |
So yes, network-sandbox (and same goes for ipc-sandbox) is mainly a |
| 13 |
debugging aid for developers which will help them spot such problems |
| 14 |
more easily. |
| 15 |
|
| 16 |
|
| 17 |
-- |
| 18 |
Regards, |
| 19 |
Luis Ressel |
Archives