On Fri, Sep 22, 2017 at 5:01 PM, Michael Orlitzky wrote:
> On 09/22/2017 05:51 PM, R0b0t1 wrote:
>> On Thu, Sep 21, 2017 at 2:56 PM, Michał Górny wrote:
>>> [1]:https://wiki.gentoo.org/wiki/Project:Sandbox
>>>
>>
>> I think I understand, in principle, why a sandbox could be useful, but
>> would i
On Fri, Sep 22, 2017 at 6:29 PM, James McMechan
wrote:
> On Fri, Sep 22, 2017 at 5:18 PM, Rich Freeman wrote:
>>On Fri, Sep 22, 2017 at 4:43 PM, James McMechan
>> wrote:
>>>
>>> # now create a separate mount namespace non-persistent
>>> unshare -m bash
>>>
>>
>>If you're going to go to the troubl
On Fri, Sep 22, 2017 at 5:18 PM, Rich Freeman wrote:
>On Fri, Sep 22, 2017 at 4:43 PM, James McMechan
> wrote:
>>
>> # now create a separate mount namespace non-persistent
>> unshare -m bash
>>
>
>If you're going to go to the trouble to set up a container, you might
>as well add some more isolatio
On Fri, Sep 22, 2017 at 4:43 PM, James McMechan
wrote:
>
> # now create a separate mount namespace non-persistent
> unshare -m bash
>
If you're going to go to the trouble to set up a container, you might
as well add some more isolation:
unshare --mount --net --pid --uts --cgroup --fork --ipc --m
Hello,
I thought an example of how an overlay sandbox could work was in order.
###
# load the overlayfs filesystem for this test
modprobe overlay
# make the directories for the test
mkdir -p /var/tmp/upper /var/tmp/work /mnt/gentoo
# now create a separate mount namespace non-persistent
unshare -m
On Fri, Sep 22, 2017 at 5:51 PM, R0b0t1 wrote:
> On Thu, Sep 21, 2017 at 2:56 PM, Michał Górny wrote:
> > [1]:https://wiki.gentoo.org/wiki/Project:Sandbox
> >
>
> I think I understand, in principle, why a sandbox could be useful, but
> would it not be more productive to follow up with projects w
On 09/22/2017 05:51 PM, R0b0t1 wrote:
> On Thu, Sep 21, 2017 at 2:56 PM, Michał Górny wrote:
>> [1]:https://wiki.gentoo.org/wiki/Project:Sandbox
>>
>
> I think I understand, in principle, why a sandbox could be useful, but
> would it not be more productive to follow up with projects which do
> un
On Thu, Sep 21, 2017 at 2:56 PM, Michał Górny wrote:
> [1]:https://wiki.gentoo.org/wiki/Project:Sandbox
>
I think I understand, in principle, why a sandbox could be useful, but
would it not be more productive to follow up with projects which do
unexpected things to ask that they not do those thin
On Fri, 22.09.2017 at 20∶31 +0200, Alexis Ballier
wrote:
> On Fri, 22 Sep 2017 19:39:16 +0200
> Michał Górny wrote:
>
> > On Fri, 22.09.2017 at 19∶15 +0200, Alexis
> > Ballier wrote:
> > > On Fri, 22 Sep 2017 17:20:23 +0200
> > > Michał Górny wro
On Fri, 22 Sep 2017 19:39:16 +0200
Michał Górny wrote:
> On Fri, 22.09.2017 at 19∶15 +0200, Alexis
> Ballier wrote:
> > On Fri, 22 Sep 2017 17:20:23 +0200
> > Michał Górny wrote:
> >
> > > On Fri, 22.09.2017 at 12∶57 +0200, Alexis
> > > Ballier
On Fri, 22.09.2017 at 19∶15 +0200, Alexis Ballier
wrote:
> On Fri, 22 Sep 2017 17:20:23 +0200
> Michał Górny wrote:
>
> > On Fri, 22.09.2017 at 12∶57 +0200, Alexis
> > Ballier wrote:
> > > On Fri, 22 Sep 2017 06:07:18 +0200
> > > Michał Górny wro
On 2017-09-22 10:03 AM, Brian Dolbec wrote:
> On Fri, 22 Sep 2017 15:06:49 +
> James McMechan wrote:
>
>> On Fri, Sep 22, 2017 at 5:27 AM, Rich Freeman
>> wrote:
>>> On Fri, Sep 22, 2017 at 7:38 AM, Sergei Trofimovich
>>> wrote:
Some other distros try harder to isolate build
On Fri, 22 Sep 2017 17:20:23 +0200
Michał Górny wrote:
> On Fri, 22.09.2017 at 12∶57 +0200, Alexis
> Ballier wrote:
> > On Fri, 22 Sep 2017 06:07:18 +0200
> > Michał Górny wrote:
> >
> > > W dniu czw, 21.09.2017 o godzinie 15∶41 -0700, użytkownik Matt
> > > Turner nap
On Fri, 22 Sep 2017 15:06:49 +
James McMechan wrote:
> On Fri, Sep 22, 2017 at 5:27 AM, Rich Freeman
> wrote:
> >On Fri, Sep 22, 2017 at 7:38 AM, Sergei Trofimovich
> > wrote:
> >>
> >> Some other distros try harder to isolate build environment either
> >> through chroot and/or private mo
On Fri, 22.09.2017 at 12∶57 +0200, Alexis Ballier
wrote:
> On Fri, 22 Sep 2017 06:07:18 +0200
> Michał Górny wrote:
>
> > On Thu, 21.09.2017 at 15∶41 -0700, Matt Turner
> > wrote:
> > > On Thu, Sep 21, 2017 at 2:25 PM, Michał Górny
> > > wrote:
On Fri, Sep 22, 2017 at 5:27 AM, Rich Freeman wrote:
>On Fri, Sep 22, 2017 at 7:38 AM, Sergei Trofimovich wrote:
>>
>> Some other distros try harder to isolate build environment either
>> through chroot and/or private mount/user/network namespace that
>> contains only explicitly specified files
On Fri, Sep 22, 2017 at 7:38 AM, Sergei Trofimovich wrote:
>
> Some other distros try harder to isolate build environment either
> through chroot and/or private mount/user/network namespace that
> contains only explicitly specified files in build environment.
>
> That would require more cooperatio
On Fri, 22 Sep 2017 12:38:54 +0100
Sergei Trofimovich wrote:
> On Fri, 22 Sep 2017 12:57:21 +0200
> Alexis Ballier wrote:
>
> > On Fri, 22 Sep 2017 06:07:18 +0200
> > Michał Górny wrote:
> >
> > > On Thu, 21.09.2017 at 15∶41 -0700, Matt
> > > Turner wrote:
> > >
On Fri, 22 Sep 2017 12:57:21 +0200
Alexis Ballier wrote:
> On Fri, 22 Sep 2017 06:07:18 +0200
> Michał Górny wrote:
>
> > On Thu, 21.09.2017 at 15∶41 -0700, Matt Turner
> > wrote:
> > > On Thu, Sep 21, 2017 at 2:25 PM, Michał Górny
> > > wrote:
> > > > Given that
On Fri, 22 Sep 2017 06:07:18 +0200
Michał Górny wrote:
> On Thu, 21.09.2017 at 15∶41 -0700, Matt Turner
> wrote:
> > On Thu, Sep 21, 2017 at 2:25 PM, Michał Górny
> > wrote:
> > > Given that sandbox is utterly broken by design, I don't really
> > > want to put too much