From: Matt Rickard <frogger@gentoo.org>
To: gentoo-dev@gentoo.org
Subject: Re: [gentoo-dev] chroot USE flag?
Date: Thu, 17 Jul 2003 20:49:20 -0400
Message-ID: <20030717204920.5afc6e5f.frogger@gentoo.org>
In-Reply-To: <1058505300.8186.12.camel@y0shi>

On 18 Jul 2003 01:15:00 -0400
Brandon Hale <brandon@comp-u-tek.com> wrote:
> I propose a new USE flag for a few key services that would install the
> package in a chroot "out of the box." This idea was inspired by a
> conversation between Greg Fitzgerald (gregf) and myself on applying
> ideas from OpenBSD to Gentoo. Another source of inspiration is the
> excellent pkg_config code in the latest bind9 ebuilds. I further
> discussed this idea w/ members of the gentoo-hardened team and
> further crystalized the workings of such a flag. I would propose that
> the ebuild include two conditional install procedures keyed on the
> chroot USE flag. The only possible problem I foresee is building
> devices inside the sandbox, which could be accomplished in
> pkg_postinstall as a last resort. I would be happy for any feedback or
> further development of this idea.

I think this is a good idea. A chroot USE flag would allow daemons to
be chrooted transparently without users having to manually ebuild
config. Chroot building could be done in the sandbox, and as Brandon
mentioned, we could create the device files with pkg_postinst. These
could be removed with pkg_postrm explicitly.

Eventually I would like to see this USE flag apply to more daemons than
just bind. I don't know which other packages in portage currently have
chrooting options (anyone help me out here?), but I'd at least like to
see this for ntpd and apache to start.

--
Matt Rickard
frogger@gentoo.org
--
gentoo-dev@gentoo.org mailing list