[gentoo-user] Sandbox vs userpriv

public inbox for gentoo-user@lists.gentoo.org
 help / color / mirror / Atom feed

* [gentoo-user] Sandbox vs userpriv
@ 2012-08-13  8:49 Nilesh Govindrajan
  2012-08-13  8:50 ` [gentoo-user] " Nilesh Govindrajan
  0 siblings, 1 reply; 6+ messages in thread
From: Nilesh Govindrajan @ 2012-08-13  8:49 UTC (permalink / raw
  To: Gentoo User Mailing List

[-- Attachment #1: Type: text/plain, Size: 93 bytes --]

What's the disadvantage of compiling in sandbox instead of compiling
directly with userpriv?

[-- Attachment #2: Type: text/html, Size: 105 bytes --]

^ permalink raw reply	[flat|nested] 6+ messages in thread

* [gentoo-user] Re: Sandbox vs userpriv
  2012-08-13  8:49 [gentoo-user] Sandbox vs userpriv Nilesh Govindrajan
@ 2012-08-13  8:50 ` Nilesh Govindrajan
  2012-08-13  9:21   ` Hinnerk van Bruinehsen
                     ` (2 more replies)
  0 siblings, 3 replies; 6+ messages in thread
From: Nilesh Govindrajan @ 2012-08-13  8:50 UTC (permalink / raw
  To: Gentoo User Mailing List

[-- Attachment #1: Type: text/plain, Size: 185 bytes --]

On Aug 13, 2012 2:19 PM, "Nilesh Govindrajan" <contact@nileshgr.com> wrote:
>
> What's the disadvantage of compiling in sandbox instead of compiling
directly with userpriv?

*advantage

[-- Attachment #2: Type: text/html, Size: 279 bytes --]

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [gentoo-user] Re: Sandbox vs userpriv
  2012-08-13  8:50 ` [gentoo-user] " Nilesh Govindrajan
@ 2012-08-13  9:21   ` Hinnerk van Bruinehsen
  2012-08-13  9:41   ` Dale
  2012-08-13 12:07   ` Michael Mol
  2 siblings, 0 replies; 6+ messages in thread
From: Hinnerk van Bruinehsen @ 2012-08-13  9:21 UTC (permalink / raw
  To: gentoo-user

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 13.08.2012 10:50, Nilesh Govindrajan wrote:
> On Aug 13, 2012 2:19 PM, "Nilesh Govindrajan"
> <contact@nileshgr.com> wrote:
>> 
>> What's the disadvantage of compiling in sandbox instead of
>> compiling
> directly with userpriv?
> 
> *advantage
> 

I think the advantage is that you can compile as root with some kind
of protection. ;)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJQKMcgAAoJEJwwOFaNFkYco+8H/RpzlTRsA2pcBobv/L81B0J3
UQN8pDOwjaafm0rrjOFFrYG3XPDRML9dv0STULCqcpbtLFjdbmWmbLzn0DCDopbG
mu2yd+ZCac36KKtGJfBLJjKiJz3NwuAMkfpGcUqFK0EaeHkmYLYVi7yWEL9C9j+H
IATc2BJ4HFDgK5VJEYwFK+AlPwqr/Rkepsy38wId8hjKeQCCpsJ/C32we162aiuH
dP2OyfPrrXf0Jkb+9gTuXOlhPCgIlE7eDUfD/S77ysdGG2j6JzDzyPlk2BNz2P+S
5OQTqx2a/FvEU+JtyOEoSM1Ng4fvODfq+26G+T7Mn1mPvND6Eb0U4d+KjHJVuME=
=vAHc
-----END PGP SIGNATURE-----


^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [gentoo-user] Re: Sandbox vs userpriv
  2012-08-13  8:50 ` [gentoo-user] " Nilesh Govindrajan
  2012-08-13  9:21   ` Hinnerk van Bruinehsen
@ 2012-08-13  9:41   ` Dale
  2012-08-13 12:07   ` Michael Mol
  2 siblings, 0 replies; 6+ messages in thread
From: Dale @ 2012-08-13  9:41 UTC (permalink / raw
  To: gentoo-user

[-- Attachment #1: Type: text/plain, Size: 472 bytes --]

Nilesh Govindrajan wrote:
>
> On Aug 13, 2012 2:19 PM, "Nilesh Govindrajan" <contact@nileshgr.com
> <mailto:contact@nileshgr.com>> wrote:
> >
> > What's the disadvantage of compiling in sandbox instead of compiling
> directly with userpriv?
>
> *advantage
>


I found this:

http://devmanual.gentoo.org/general-concepts/sandbox/

That help any? 

Dale

:-)  :-) 

-- 
I am only responsible for what I said ... Not for what you understood or how you interpreted my words!


[-- Attachment #2: Type: text/html, Size: 1162 bytes --]

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [gentoo-user] Re: Sandbox vs userpriv
  2012-08-13  8:50 ` [gentoo-user] " Nilesh Govindrajan
  2012-08-13  9:21   ` Hinnerk van Bruinehsen
  2012-08-13  9:41   ` Dale
@ 2012-08-13 12:07   ` Michael Mol
  2012-08-13 13:18     ` Nilesh Govindrajan
  2 siblings, 1 reply; 6+ messages in thread
From: Michael Mol @ 2012-08-13 12:07 UTC (permalink / raw
  To: gentoo-user

[-- Attachment #1: Type: text/plain, Size: 866 bytes --]

On Mon, Aug 13, 2012 at 4:50 AM, Nilesh Govindrajan <contact@nileshgr.com>wrote:

> On Aug 13, 2012 2:19 PM, "Nilesh Govindrajan" <contact@nileshgr.com>
> wrote:
> >
> > What's the disadvantage of compiling in sandbox instead of compiling
> directly with userpriv?
>
> *advantage
>

If you do things like parallel builds (-j applied to emerge, not just
make), a sandbox can help keep the build environment consistent throughout
a build. (And if that's not a feature that's currently in sandbox, it's one
where an extension of which is being discussed in -dev right now, and being
worked on by a few people.)

The other thing sandbox gives you is some protection from badly-written
build systems, such as ones which go out and modify files outside of
explicitly-allowed paths and the like, or try installing files before 'make
install'...that kind of thing.

-- 
:wq

[-- Attachment #2: Type: text/html, Size: 1314 bytes --]

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [gentoo-user] Re: Sandbox vs userpriv
  2012-08-13 12:07   ` Michael Mol
@ 2012-08-13 13:18     ` Nilesh Govindrajan
  0 siblings, 0 replies; 6+ messages in thread
From: Nilesh Govindrajan @ 2012-08-13 13:18 UTC (permalink / raw
  To: gentoo-user

On Mon 13 Aug 2012 05:37:27 PM IST, Michael Mol wrote:
> On Mon, Aug 13, 2012 at 4:50 AM, Nilesh Govindrajan
> <contact@nileshgr.com <mailto:contact@nileshgr.com>> wrote:
>
>     On Aug 13, 2012 2:19 PM, "Nilesh Govindrajan"
>     <contact@nileshgr.com <mailto:contact@nileshgr.com>> wrote:
>     >
>     > What's the disadvantage of compiling in sandbox instead of
>     compiling directly with userpriv?
>
>     *advantage
>
>
> If you do things like parallel builds (-j applied to emerge, not just
> make), a sandbox can help keep the build environment consistent
> throughout a build. (And if that's not a feature that's currently in
> sandbox, it's one where an extension of which is being discussed in
> -dev right now, and being worked on by a few people.)
>
> The other thing sandbox gives you is some protection from
> badly-written build systems, such as ones which go out and modify
> files outside of explicitly-allowed paths and the like, or try
> installing files before 'make install'...that kind of thing.
>
> --
> :wq

I see. Actually I came up with this question because dev-lang/php was 
emitting some errors when I was building with sandbox enabled (I never 
disabled it actually). I guess I'll enable it again and disable when 
some ebuilds trouble.

--
Nilesh Govindrajan
http://nileshgr.com


^ permalink raw reply	[flat|nested] 6+ messages in thread

end of thread, other threads:[~2012-08-13 13:21 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2012-08-13  8:49 [gentoo-user] Sandbox vs userpriv Nilesh Govindrajan
2012-08-13  8:50 ` [gentoo-user] " Nilesh Govindrajan
2012-08-13  9:21   ` Hinnerk van Bruinehsen
2012-08-13  9:41   ` Dale
2012-08-13 12:07   ` Michael Mol
2012-08-13 13:18     ` Nilesh Govindrajan

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox