On 05/12/2014 01:08 PM, Michał Górny wrote:
> On 2014-05-12, at 12:07:11
> "Rick \"Zero_Chaos\" Farina" <zeroch...@gentoo.org> wrote:
> 
>> What about talking to local network resources?  In my metasploit ebuild
>> it has tests available which talk to a local database and are perfectly
>> safe, however, if postgresql is started on the system the tests don't
>> work, the ebuild needs to start its own postgresql to run the tests.
> 
> How can you assume that the tests are perfectly safe? What do the tests
> do exactly?
> 

As stated just below, the tests are not poorly written.  All testing is
done in a test DB which is different from the production DB.

>> This seems a bit needless in my package, but likely saves others from
>> poorly written tests.  Do we want to allow access to system network
>> services or block them? Right now they are blocked, and that's going to
>> make the src_test function on my ebuild expand into near insanity to fix.
> 
> I'd rather not get into allowing exceptions for the rule without
> knowing a good use case first. I can expand on that once the previous
> question is answered.
> 
I wouldn't necessarily ask for this either, I'm just bringing this to the
attention of the ML, as this could be an issue for more than metasploit
and pymongodb.

> I wouldn't call spawning a daemon that close to insanity. For those who
> haven't seen such a thing yet -- dev-python/pymongo is an example where
> I fixed a similar issue (writing into production database). Though it's
> a bit hacky since I needed a way to bind to a random free port -- with
> network namespaces it'd be easier as Rich noted, since the ebuild would
> have all ports free.
> 
That would be nice, can we do the network namespaces so that I at least
don't have to bind to a random port? That alone would be a major
improvement in usability.

Personally, I would love to be able to talk to localhost outside the
ebuild, but if everyone agrees that is too dangerous then I don't feel I
am qualified to disagree.

-Zero