| 1 |
Mike Kelly <pioto@g.o> posted 4583364A.1010108@g.o, |
| 2 |
excerpted below, on Fri, 15 Dec 2006 18:56:58 -0500: |
| 3 |
|
| 4 |
> Marijn Schouten wrote: |
| 5 |
>> 3) security. When installing a package, it only has write access to its |
| 6 |
>> own directory. I'm guessing they do this with ACLs. |
| 7 |
>> |
| 8 |
>> So we have this cool package manager which supports 1) and 2), but not |
| 9 |
>> 3) I think, and they have almost no package manager, but it supports 1), |
| 10 |
>> 2) and 3). |
| 11 |
> |
| 12 |
> Gentoo has this feature, too. It's provided by a package called |
| 13 |
> sys-apps/sandbox. It's a dependency of portage on all glibc and uclibc |
| 14 |
> systems (so, it's part of any standard Gentoo/Linux install). It |
| 15 |
> prevents packages from touching anything outside of their build |
| 16 |
> directory, or an image directory where it is installed before portage |
| 17 |
> merges the files into the live filesystem. |
| 18 |
|
| 19 |
As I understand GOBO Linux, however, the way they do it is a bit |
| 20 |
different. Since they install all of a package to the same place -- it's |
| 21 |
own dir, not mixed up with files from other packages in a public dir -- |
| 22 |
when he said it can only write to it's own dir as it installs, that's |
| 23 |
literally what he /meant/, it can write to /that/ /dir/ and /nowhere/ else. |
| 24 |
|
| 25 |
GOBO is one of the few Linuxes that has that, because the way it installs |
| 26 |
stuff is so very different than traditional *ix, including Gentoo Linux. |
| 27 |
|
| 28 |
OTOH, that means config files and data files and executables and libraries |
| 29 |
and icons and .desktop files and all the rest that might get installed by |
| 30 |
the package is all in the same dir, no separation of executables from |
| 31 |
config from data. A traditional *ix or even normal Linux admin would be |
| 32 |
driven to distraction with that sort of arrangement, and it's little |
| 33 |
wonder none of the Gentoo devs seem the least bit interested. It does |
| 34 |
have it's own kind of logic, but it's so different from regular *ix logic, |
| 35 |
few *ix heads will consider it even worth their time to think about. |
| 36 |
|
| 37 |
-- |
| 38 |
Duncan - List replies preferred. No HTML msgs. |
| 39 |
"Every nonfree program has a lord, a master -- |
| 40 |
and if you use the program, he is your master." Richard Stallman |
| 41 |
|
| 42 |
-- |
| 43 |
gentoo-dev@g.o mailing list |
Archives