| 1 |
On Monday 22 September 2003 19:08, Luke-Jr wrote: |
| 2 |
> On Monday 22 September 2003 05:06 pm, Andrew Gaffney wrote: |
| 3 |
> > I've only been partly following this thread, but I think I may |
| 4 |
> > understand. The ebuild doesn't install the game. It just installs the |
| 5 |
> > installer. Portage can track where the installer is installed, but the |
| 6 |
> > files that the installer places are installed independently of the |
| 7 |
> > ebuild and portage. |
| 8 |
> |
| 9 |
> I'm referring to in general, not just this specific case. Why not make the |
| 10 |
> $WORKDIR invisible to ebuilds? It would probably help with ebuild that |
| 11 |
> currently need to patch broken Makefiles too. |
| 12 |
|
| 13 |
If there were some way that we can have overlay filesystems supported by the |
| 14 |
kernel ( readonly mount root, and over that mount a freshly created dir that |
| 15 |
will be used for all writes instead of the original. For reads though the |
| 16 |
original filesystem is visible (as long as there is no file with the same |
| 17 |
name in the writable part)) then it would be quite easy with chroot to |
| 18 |
"track" changes. I'm not a kernel coder, and I have no idea whether such code |
| 19 |
allready exists. It should be not too complex either. And also provide some |
| 20 |
of the "extra security" that was asked by an earlier thread this month. It |
| 21 |
should also be more foolproof than the sandbox, but relies on the kernel. |
| 22 |
|
| 23 |
Paul |
| 24 |
|
| 25 |
-- |
| 26 |
Paul de Vrieze |
| 27 |
Gentoo Developer |
| 28 |
Mail: pauldv@g.o |
| 29 |
Homepage: http://www.devrieze.net |
Archives