On Tue, Oct 21, 2014 at 10:28 AM, Stuart Henderson <st...@openbsd.org> wrote:
> On 2014/10/21 17:03, Landry Breuil wrote:
> > On Tue, Oct 21, 2014 at 02:58:52PM +0000, Christian Weisgerber wrote:
> > > On 2014-10-19, Stuart Henderson <st...@openbsd.org> wrote:
> > >
> > > > (Actually, now ports can build/fake/package as non-root, there isn't really
> > > > much need for systrace in ports any more.)
> > >
> > > What remaining use is there? Can't we just kill it?
>
> The only use I see at the moment is as a placeholder showing where we
> might want to add some "sudo -u $PORTBUILDUSER" steps if we wanted to do
> automated user switching via Makefiles, though that can be retrieved
> from the attic.
>
> > Preventing network access from the build steps ?
>
> I'm fetching distfiles as my normal uid, then doing builds as pbuild.
> pf.conf:
>
> "block quick log proto {tcp udp} user pbuild"
>

This can be disabled by user and bypassed, you can't bypass systrace during ports build. Also, it would be possible to place files in FAKE /etc i.e. in places other than /usr/local?