From mboxrd@z Thu Jan 1 00:00:00 1970
From: Benda Xu
To: gentoo-dev@lists.gentoo.org
Subject: [gentoo-dev] Functional portage with namespace (Was: Integrating Portage with other package managers)
In-Reply-To: (Rich Freeman's message of "Thu, 8 Mar 2018 12:50:36 -0500")
References:
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux)
Date: Fri, 09 Mar 2018 09:46:15 +0900
Message-ID: <87y3j2rs88.fsf_-_@gentoo.org>
List-Id: Gentoo Linux mail

Rich Freeman writes:

> If you have util-linux installed then try running (as any user - you
> don't have to be root): unshare -i -m -n -p -u -C -f --mount-proc -U
> -r /bin/bash
>
> Congrats. You are now root in a container. You're in the same root
> filesystem as always. You'll note that you can't actually see
> anything that you couldn't see before. If you run ps -ea you'll see
> that you're the only process running on the system. Devices like
> /dev/sda aren't actually accessible. A lot of container managers
> would mount a new /dev and just hide most of that stuff. You can
> probably imagine how something like this could be useful for isolating
> processes.

Just a side note, this seems to be the ultimate sandbox we (Gentoo and
portage) are after.

With this, we might even be able to have portage fully functional: a
build is completely determined and only determined by the dependencies
and USE flags.
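The following is an added example, not code from the thread or from portage. It reproduces the `unshare` invocation quoted above, maps each of its flags to the namespace type it creates, and reads the kernel's own records (`/proc/<pid>/ns/*` and `/proc/<pid>/uid_map`) to show what "root in a container" really means: uid 0 inside the user namespace is mapped back to the caller's unprivileged host uid, which is why nothing new becomes visible. All function names are this example's own; the sample uid_map text in the test is constructed. `probe_sandbox()` returns `None` where unprivileged user namespaces are disabled (a common hardening setting), which is the first thing to check before relying on this as a build sandbox.

```python
"""Inspect the isolation that the thread's unshare command provides.

Added example (not part of the mailing-list post or of portage).
"""
import os
import subprocess
from pathlib import Path

# Short options from the thread's command -> namespace type as named in /proc/<pid>/ns.
# -f (fork), --mount-proc and -r (map caller's uid to 0, implies -U) create no namespace.
NAMESPACE_FLAGS = {
    "-i": "ipc",
    "-m": "mnt",
    "-n": "net",
    "-p": "pid",
    "-u": "uts",
    "-C": "cgroup",
    "-U": "user",
}
NS_TYPES = ("cgroup", "ipc", "mnt", "net", "pid", "user", "uts")

# Exactly the argument order used in the thread.
UNSHARE_ARGS = ["-i", "-m", "-n", "-p", "-u", "-C", "-f", "--mount-proc", "-U", "-r"]


def build_unshare_cmd(command):
    """argv that runs `command` inside the thread's sandbox."""
    return ["unshare", *UNSHARE_ARGS, *command]


def namespaces_requested(args):
    """Namespace types a given unshare argument list creates."""
    return {NAMESPACE_FLAGS[a] for a in args if a in NAMESPACE_FLAGS}


def parse_uid_map(text):
    """Parse /proc/<pid>/uid_map (or gid_map): lines of 'inside outside count'."""
    ranges = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue
        inside, outside, count = (int(f) for f in fields)
        ranges.append((inside, outside, count))
    return ranges


def host_uid_for(uid_map, ns_uid):
    """Translate a uid seen inside the namespace to the host uid it really is.

    Returns None for an unmapped uid (the kernel shows it as the overflow
    uid, normally 65534/nobody); with -r only uid 0 is mapped."""
    for inside, outside, count in uid_map:
        if inside <= ns_uid < inside + count:
            return outside + (ns_uid - inside)
    return None


def namespace_ids(pid="self"):
    """Namespace identifiers the kernel reports for a process, e.g. 'user:[4026531837]'."""
    ids = {}
    for ns in NS_TYPES:
        try:
            ids[ns] = os.readlink(Path(f"/proc/{pid}/ns/{ns}"))
        except OSError:
            pass  # namespace type not supported by this kernel
    return ids


def namespaces_differ(a, b):
    """Namespace types present in both maps whose identifiers differ."""
    return {ns for ns in a.keys() & b.keys() if a[ns] != b[ns]}


def probe_sandbox():
    """Run a small script inside the sandbox and return its output.

    Returns None when unshare is missing or unprivileged user namespaces are
    disabled (for example user.max_user_namespaces=0)."""
    inner = (
        "echo uid=$(id -u); cat /proc/self/uid_map; "
        "for n in " + " ".join(NS_TYPES) + "; do readlink /proc/self/ns/$n; done; "
        "echo visible_pids=$(ls -d /proc/[0-9]* | wc -l)"
    )
    try:
        result = subprocess.run(build_unshare_cmd(["sh", "-c", inner]),
                                capture_output=True, text=True, check=True)
    except (OSError, subprocess.CalledProcessError):
        return None
    return result.stdout


if __name__ == "__main__":
    outside = namespace_ids()
    report = probe_sandbox()
    if report is None:
        print("unprivileged user namespaces are unavailable on this host")
    else:
        print(report)
        inside = {line.split(":")[0]: line for line in report.splitlines() if ":[" in line}
        print("new namespaces:", sorted(namespaces_differ(outside, inside)))
        for inside_id, outside_id, _ in parse_uid_map(report):
            print(f"uid {inside_id} inside is host uid {outside_id}")
```

Running it as an ordinary user on a host that allows user namespaces prints `uid=0`, a single uid_map line mapping 0 to the caller's real uid, seven namespace identifiers that all differ from the parent's, and a `visible_pids` count of 1 or 2 (the forked shell and the `ls` it spawns), matching the `ps -ea` observation in the quoted message.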