Gentoo Archives: gentoo-portage-dev

From:	"Michał Górny" <mgorny@g.o>
To:	gentoo-portage-dev@l.g.o
Cc:	"Michał Górny" <mgorny@g.o>
Subject:	[gentoo-portage-dev] [PATCH] Enable cgroup, ipc-sandbox & network-sandbox by default
Date:	Mon, 06 Apr 2015 12:38:01
Message-Id:	`1428323869-9815-1-git-send-email-mgorny@gentoo.org`

1	All three features should be mature enough to be enabled by default.
2	CGroups provide better tracking for ebuild processes, while the two
3	sandboxes improve security through restricting IPC & network access for
4	build-only phases.
5
6	All the features degrade gracefully when the relevant kernel features
7	are not available.
8	---
9	cnf/make.globals \| 5 +++--
10	1 file changed, 3 insertions(+), 2 deletions(-)
11
12	diff --git a/cnf/make.globals b/cnf/make.globals
13	index dd99618..2d93e9d 100644
14	--- a/cnf/make.globals
15	+++ b/cnf/make.globals
16	@@ -50,9 +50,10 @@ RESUMECOMMAND_SSH=${FETCHCOMMAND_SSH}
17	FETCHCOMMAND_SFTP="bash -c \"x=\\\${2#sftp://} ; host=\\\${x%%/} ; port=\\\${host##:} ; host=\\\${host%:} ; [[ \\\${host} = \\\${port} ]] && port=22 ; eval \\\"declare -a ssh_opts=(\\\${3})\\\" ; exec sftp -P \\\${port} \\\"\\\${ssh_opts[@]}\\\" \\\"\\\${host}:/\\\${x#/}\\\" \\\"\\\$1\\\"\" sftp \"\${DISTDIR}/\${FILE}\" \"\${URI}\" \"\${PORTAGE_SSH_OPTS}\""
18
19	# Default user options
20	-FEATURES="assume-digests binpkg-logs
21	+FEATURES="assume-digests binpkg-logs cgroup
22	config-protect-if-modified distlocks ebuild-locks
23	- fixlafiles merge-sync news parallel-fetch preserve-libs protect-owned
24	+ fixlafiles ipc-sandbox merge-sync network-sandbox
25	+ news parallel-fetch preserve-libs protect-owned
26	sandbox sfperms strict unknown-features-warn unmerge-logs
27	unmerge-orphans userfetch userpriv usersandbox usersync"
28
29	--
30	2.3.5

Subject	Author
[gentoo-portage-dev] Re: [PATCH] Enable cgroup, ipc-sandbox & network-sandbox by default	Martin Vaeth <martin@×××××.de>