From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 2D2E1138334 for ; Wed, 12 Dec 2018 18:41:55 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 2C867E07BA; Wed, 12 Dec 2018 18:41:54 +0000 (UTC) Received: from smtp.gentoo.org (dev.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 03629E07BA for ; Wed, 12 Dec 2018 18:41:53 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 2A1DD335CA6 for ; Wed, 12 Dec 2018 18:41:52 +0000 (UTC) Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 8F718326 for ; Wed, 12 Dec 2018 18:41:49 +0000 (UTC) From: "Michał Górny" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Michał Górny" Message-ID: <1544640085.55a9d4ccc5ac90b454638f9205f8a5d20ca8b47a.mgorny@gentoo> Subject: [gentoo-commits] proj/portage:master commit in: cnf/ X-VCS-Repository: proj/portage X-VCS-Files: cnf/make.globals X-VCS-Directories: cnf/ X-VCS-Committer: mgorny X-VCS-Committer-Name: Michał Górny X-VCS-Revision: 55a9d4ccc5ac90b454638f9205f8a5d20ca8b47a X-VCS-Branch: master Date: Wed, 12 Dec 2018 18:41:49 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply X-Archives-Salt: ea13876e-03eb-418f-b6b0-235646ae795b X-Archives-Hash: 29206ddf2e86d2cbd60b92f0ffd8e128 commit: 55a9d4ccc5ac90b454638f9205f8a5d20ca8b47a Author: Michał Górny gentoo org> AuthorDate: Wed Dec 12 17:36:48 2018 +0000 Commit: Michał Górny gentoo org> CommitDate: Wed Dec 12 18:41:25 2018 +0000 URL: https://gitweb.gentoo.org/proj/portage.git/commit/?id=55a9d4cc Enable {ipc,network,pid}-sandbox by default The sandboxes are stable enough to be enabled by default, and they all prevent undesirable situations. Furthermore, they all gracefully handle missing namespace support. Reviewed-by: Zac Medico gentoo.org> Signed-off-by: Michał Górny gentoo.org> cnf/make.globals | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/cnf/make.globals b/cnf/make.globals index d394a1890..1bcc7ce64 100644 --- a/cnf/make.globals +++ b/cnf/make.globals @@ -52,10 +52,11 @@ FETCHCOMMAND_SFTP="bash -c \"x=\\\${2#sftp://} ; host=\\\${x%%/*} ; port=\\\${ho # Default user options FEATURES="assume-digests binpkg-docompress binpkg-dostrip binpkg-logs config-protect-if-modified distlocks ebuild-locks - fixlafiles merge-sync multilib-strict news - parallel-fetch preserve-libs protect-owned - sandbox sfperms strict unknown-features-warn unmerge-logs - unmerge-orphans userfetch userpriv usersandbox usersync" + fixlafiles ipc-sandbox merge-sync multilib-strict + network-sandbox news parallel-fetch pid-sandbox + preserve-libs protect-owned sandbox sfperms strict + unknown-features-warn unmerge-logs unmerge-orphans userfetch + userpriv usersandbox usersync" # Ignore file collisions in /lib/modules since files inside this directory # are never unmerged, and therefore collisions must be ignored in order for