Hi, it was my project. Portage has changed a lot since that time; I can try to renew it if it's still used.

2014-02-12 17:45 GMT+06:00 Michael Palimaka <kensing...@gentoo.org>:

> On 02/12/2014 04:56 PM, Brian Dolbec wrote:
> > On Wed, 12 Feb 2014 01:36:01 +1100
> > Michael Palimaka <kensing...@gentoo.org> wrote:
> >
> >> On 02/12/2014 01:03 AM, Rich Freeman wrote:
> >>> On Tue, Feb 11, 2014 at 7:39 AM, Michael Palimaka
> >>> <kensing...@gentoo.org> wrote:
> >>>> On 02/11/2014 11:34 PM, Rich Freeman wrote:
> >>>>
> >>>>> One of those ideas I've always wanted to implement is to create a
> >>>>> portage hook/patch that looks at the dependencies for the package
> >>>>> being built and configures sandbox to block read-access to
> >>>>> anything that wasn't explicitly declared. Sandbox works for
> >>>>> read-access as well as write-access, though
> >>>>> in /etc/sandbox.d/00default read-access is enabled everywhere by
> >>>>> default.
> >>>>>
> >>>>> And, yes, it could be configured to allow access to @system...
> >>>> That's pretty much what emerge_strict does.
> >>>
> >>> What is emerge_strict? The Google is failing me here...
> >>>
> >>> Rich
> >>>
> >>>
> >> Sorry, I should have clarified. It's provided by autodep, extending
> >> the dependency analysis by denying access to any files not part of the
> >> specified dependencies and @system.
> >>
> >>
> >
> > There was a gentoo gsoc project a few years ago that did exactly this
> > for doing dep checks on ebuilds. There was also one for determining
> > deps automatically.
> >
> > Is this the project mentioned? ^^^
> >
>
> Should be, autodep was GSoC 2011.
>