commit: c2472a6c064a9d2f8539cb518a926b964a81d174 Author: Andrew Savchenko <bircoph <AT> gmail <DOT> com> AuthorDate: Tue Jan 27 18:04:58 2015 +0000 Commit: Andrew Savchenko <bircoph <AT> gmail <DOT> com> CommitDate: Tue Jan 27 18:04:58 2015 +0000 URL: http://sources.gentoo.org/gitweb/?p=dev/bircoph.git;a=commit;h=c2472a6c
clnyc: version bump New flags are added, new bugfixes and security features. --- app-admin/clsync/ChangeLog | 9 ++++- app-admin/clsync/Manifest | 10 +++-- .../{clsync-9999.ebuild => clsync-0.4.ebuild} | 46 +++++++++++++++------- app-admin/clsync/clsync-9999.ebuild | 43 +++++++++++++------- .../files/clsync-0.4-unshare-configure.patch | 38 ++++++++++++++++++ .../clsync/files/clsync-0.4-unshare-ifdef.patch | 34 ++++++++++++++++ app-admin/clsync/metadata.xml | 8 +++- profiles/package.use.mask | 4 +- 8 files changed, 157 insertions(+), 35 deletions(-) diff --git a/app-admin/clsync/ChangeLog b/app-admin/clsync/ChangeLog index f830377..f3e300e 100644 --- a/app-admin/clsync/ChangeLog +++ b/app-admin/clsync/ChangeLog @@ -1,7 +1,14 @@ # ChangeLog for app-admin/clsync -# Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2 +# Copyright 1999-2015 Gentoo Foundation; Distributed under the GPL v2 # $Header: $ +*clsync-0.4 (27 Jan 2015) + + 27 Jan 2015; Andrew Savchenko <birc...@gentoo.org> +clsync-0.4.ebuild, + clsync-9999.ebuild, +files/clsync-0.4-unshare-configure.patch, + +files/clsync-0.4-unshare-ifdef.patch, metadata.xml: + Version bump. + *clsync-0.3 (15 May 2014) 15 May 2014; Andrew Savchenko <birc...@gmail.com> clsync-0.2.1.ebuild, diff --git a/app-admin/clsync/Manifest b/app-admin/clsync/Manifest index e7a8556..0d284f2 100644 --- a/app-admin/clsync/Manifest +++ b/app-admin/clsync/Manifest 
@@ -1,3 +1,5 @@ +AUX clsync-0.4-unshare-configure.patch 1198 SHA256 c60e2f8e33e1ca04d27e8887982d83eb5efb8a3f3f6871f97feba931aaa0db74 SHA512 c0be6a085a33e3c09bfe52fc5aff3a1136fbbdde7cf928bd1ff21c7e435ae8562a626ed7d561c83e74580f17e2ad1c61be778d0a7f01b2ad0890a9d5cc1e54cd WHIRLPOOL 826d597da90d8f71b3ff902c5c55bbd3ae82bae33157f99469bfe8dec4ad93f16a1f2d10c0b78f561c58f6d01832ed2bbc2267ab619e21bd19c939034ae8b401 +AUX clsync-0.4-unshare-ifdef.patch 989 SHA256 2fc98fa742ed24068af39c950eb7fa33a048a2cbb3aab44b074928cd86c5cefb SHA512 2a6e98a2ea8d1dd663fdaf6eed0d6706c61b646c4178ca8be5598d1d6a3dd8023b92f02858f7324c5ceab601ed5c8ec1ee6bcc7210664cd57dc281a116bbde3c WHIRLPOOL 9535ac8e746e4ce980d4f17c05f554e55f5ab717d79e20ba09751f176383e46c2b52777cccce10f28422b4d459f0ef8c8a5f900c4857994a8bab5c6108bd5e27 AUX clsync.conf 586 SHA256 da5b5611d9253094828ef4ff66d72cd36e807f36c218807d8da6386f45a56dab SHA512 ecaacdd5869a3c9552dd4a1441ed313e0e2f977c82b0a19ea1300f069e45ba6b49bcc9f6b35ab3031727fe7a09af0c647b9b34248d14f3e30701746170874e6d WHIRLPOOL e6b2ea8d0267051049152fa8e2dedcec89bc7be6cab48a9a91a39810de12094b1499a622cb0b8b6c3c0880a2e82713fed834bdf4337241f46c9673d1b2fc71eb AUX clsync.conf-2 589 SHA256 1a8689b86cf9475ef72ef42a623a1bb1ae55abff31578dcfdf3537331c681815 SHA512 46d8d786378eed0bfa46195e45f764015258ba55b35a5acf2685967e9fbd1fc7656c6aeba26b06889fa2f7c62cb11ecb84b10b856356ea3c0d463eaa4980c33d WHIRLPOOL cd9a0800b75eab476d7feec079f23538295dca5067f979ce4280c3188b9a24adf7c78e0c2ec5e2e8cadd71d11be181d873bc462d9fe321ada85e4e11690272db AUX clsync.confd 645 SHA256 ae7e9cacf618f9a32a4a1580580a901831aaaa0abb9de9e0379fbcc6a7359b0d SHA512 75dcc49d51f6da94d42eb501f1ad2868f163405dd7aa933f4c8078ec18f5b54eb6c66ff796ee744f7751699162627af843edbe5de5adf99c23712cedaebaddc5 WHIRLPOOL 06289c7645430d10b242983daa9cd2d4c2f327b34ede308012354947c64c654a7864586743ae6de7c02770a8b1c22de04b63404a6431b317b328ac6ac1e121ce 
@@ -5,8 +7,10 @@ AUX clsync.initd 566 SHA256 4c33a75d993246a5a9cd2cc0da83a5ba23e9e9f34ad0da4b033a AUX clsync.initd-2 573 SHA256 9200ac5bff76111853317f87f728029f6f20cafa52a0b2f90fe28e85b4780cd5 SHA512 5588dbe8d414f553692a79dcde2f147f8693235b39e166fa7f5e4e8b1dfaf7c134861d84792bbfc19fea9689ca0d428caf98b6830661bd46fdc98b410bbcc3b3 WHIRLPOOL c89f913b1bc166ab4631476d0be1da5af136da95b1319319a93e74488a8c4fc9763c215d538f9e2889c9a87a7c5cf459fcfd0e38421c34a1bcc8dc79c9343aef DIST clsync-0.2.1.tar.gz 105886 SHA256 7fc9257a24855a0b350937bc0667a326182e84a1ba922f41b41266aeb5b2c738 SHA512 8f8b926df6b4fc1424427aa6a504527a1f10a01a9108c512968148bf5552a429f7f9bc58f46730219a9be303b3314c8c3b55747c7c4ef5832bd175f70bdf2763 WHIRLPOOL 4f8f5c7e88983bbadb3263e245f424fb9e8fb140cb6bac78702a7d572f69856ccdac68fb6cd9249193af09d0b2bf224827bd05530a0cbec99bfc3fa7138e23fa DIST clsync-0.3.tar.gz 122664 SHA256 054f7032993f51a35cf3fdc91aeb3ad358f63432f8d1d1cbe4b75e664450b5bf SHA512 b05b41815fcaa623a794d2f9a9f2d2a02867d4ee5685488a0693b017773c2fe7da81d1d322a166bf34aa4570039f542a61362e70db4df2d2c08b721d4ddad254 WHIRLPOOL a3b401772b05dc47e0f6f9253471204ed655a3dbd06213c107ce3d760a1f4bc3bd577438748a177ccf10eec046a35688a91b0d7bbf5413c20b4d2a75ec0f5487 +DIST clsync-0.4.tar.gz 253396 SHA256 6f0ce7a5f61fbb50db53b787b62cf5347870f3be315acb02c4aee6b76206d19e SHA512 9b17f5f8f0bfc48531f3d8cb4f1c1edd3116e0b7d140e8ab2465dd1c590521c9857202ed3f36466f13fb3309abb9232fb4acbe25b5652914a816fac498f74a48 WHIRLPOOL 18ae12df2d7e0403b21c5d4ab7352cd81446729d94fb300a799b98dad9f88aeaa98deb2ba5f52858d3b6ba7406d777e53e97dae5c3a4802a229511db9c8a3482 EBUILD clsync-0.2.1.ebuild 2148 SHA256 9069d6bbba621a368ce6f1fd1602d984aa0c37a5297df7ff43598b53603ca726 SHA512 9ab6e36e094c43f7e506c743a0159ab00e09a216676b0693a8f2f3a0df8160c5c706122bb9e36e754c0e50a6dc63856dae86743e6e3a22be80b2bbf7ef21523f WHIRLPOOL 27b60f03a084a821dda72799540605266557fae9b5379bfaa5c0601c42894d84d1ddd68d9dd6f2f8cf72f3cf7dc38cfc7e75821416290b2c8bf8c74af50b8543 EBUILD 
clsync-0.3.ebuild 2219 SHA256 71f1c52b62d0379c1bf03ce4a49fe2cc612697008aabbf58d3b7b882952c35ec SHA512 2cb4ce6f305a1ebb020157915324f824cf554ccd95761ebe13b4099f8418676173b9953994095c29c16b11942d7fb6a3029cdb5b94c572803ca0af183d16c659 WHIRLPOOL 37766e003335286b13a4dad913d838f3cb4b75d3b216b5b3265d93a36353f15e365c93d0768341d6bbaaf4fbb785ff2774f554fd57d009fc396ae2fb6aaacac3 -EBUILD clsync-9999.ebuild 2377 SHA256 3eed168b2767423b503bae15755605f0d0f166afe1d7827a1c883c373701597e SHA512 aea27f2c4a0b7a931ea2db7cdc66ed57162df806290dac37a59bc055b14bedd2097d31dfb41c6a8322f3391e0c3e8af9e6188be27dd97c25b7a38e637f8382b6 WHIRLPOOL 09ce09a6d845433c5fb8d1f153b6b4c559653414214fa4a4d0b10d95a1f87f54bccfeb0a7a5360a98e406dd93ed21168ccbd05b4647b2abbefb4fc3fb9b6b304 -MISC ChangeLog 3180 SHA256 3ac24f5999bd203f1810c7e13978ff4f2d44880d43122a40c63356182dcae0de SHA512 604a94db29f8dd489a72cac09aa7ab30922f28afa4ce196977ec2c1911b14f4a710711b6d01207c68dfe12917225cd45f847cc0fce97bdeb8043bd737f731848 WHIRLPOOL 94e7f6db0bece6ce953b98be99680c189cc0707bf7862f500d19cb5e6d866e5fdaee5454976ba1b1d19847b730d70da38acf16c5d2290403798797d56dea99cc -MISC metadata.xml 1069 SHA256 8080d77dd918f6b2933b601d2fdc18fee12d43a651e82883e1794585690984a8 SHA512 ec5dac71adde7f3a72f96d98d5bf03f8ff1333db026a39e5d15d6ca91d057cc6eb8c164d02839668ea0dd5b723150970dca1b9bbc0b5f8a00bd0131371eb234c WHIRLPOOL 856907418a21242faded7879875dc2e48bf6be6547d36799ae7ab765991c1730acfcd56ffa9720ec52f79623a0819d32254d432168c9fe0cad25bb971f8c8e14 +EBUILD clsync-0.4.ebuild 3022 SHA256 5f37b67ff04238d0681b06ff0640dcd5580dcda5fee8c667765c55d85e37307f SHA512 472ac3e43d6299c0dba35e25731bfbb0cf0034f23f5145613982e0bcdf1eebbd7aa35df1f77a08d55683fb80f976368565e01da22f30b01b10e6cd1b0f411aa0 WHIRLPOOL f4cee7978cc87273e0b30ead8f7c099af78eb6d4a9cf30a0dbc041cb029f9e1d54e52e16939e219e87c7a587f3de5313b04ebf5777fa7ff57cbfb67c528e45c8 +EBUILD clsync-9999.ebuild 2917 SHA256 67a2fc9dd44ad4a7ee1dd54a9c99ae2c369465f538de56c714b3a546f6938b9d SHA512 
2195e92ecfd36f53792274d1d4e72bc7ff4d0630a9b93682e4e3e468ed3fec00bd5a91fc7aca2f339ae7f26075e62da35e761c6a3adc86bed8cc3bbb6a96e6b5 WHIRLPOOL ddfc61dc7d868078fb5e05c86a737bf97014cfeeaeb8d5f35ea993e40d42d2a75091e49d51ece16e6b6473c0964f6d4ccd1c9ba2059b8c2b2743eec5fee6ca86 +MISC ChangeLog 3417 SHA256 63c87c3e76debccc662e80304ddd13ed08752f0580358b899aff2ddb94908608 SHA512 9d63aff9f912b5a76950b8433f226996dd6242e0bf1f363cd9070572be70f559d22a849b1102208e99fae4d8dd045381554af9db969ff8963a70436a314823e2 WHIRLPOOL a0ffa1924b4b0a4bc99b5b91588ef739cd9bcb75f48e8ade139e31ebe2f8b892d8a524cb398145b6aea576780349453313f3109df116e78d1bfde99d30823be0 +MISC metadata.xml 1597 SHA256 f52db37e96b97ff21e5ab5b4aa17bffe3663cb1227cd29b930c6ccef7af07045 SHA512 4935fa33dbacd7a29092234f48654b023aa9b87f8d91639c82c101738c19b293112e156beb6d9e93d55304f9abd7fe5c92692361306bb14e166d854230913e53 WHIRLPOOL 1a0aeb1e8c92087a16e445e74a867511bbdc9bc23dcc3881ce2398fe2ee6299728420ceb824e9f582b8dcec8082ec46eaad10dcdff7091d8d6af5a04ac747363 diff --git a/app-admin/clsync/clsync-9999.ebuild b/app-admin/clsync/clsync-0.4.ebuild similarity index 64% copy from app-admin/clsync/clsync-9999.ebuild copy to app-admin/clsync/clsync-0.4.ebuild index 5682776..380c8f1 100644 --- a/app-admin/clsync/clsync-9999.ebuild +++ b/app-admin/clsync/clsync-0.4.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2014 Gentoo Foundation +# Copyright 1999-2015 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 # $Header: $ 
@@ -11,31 +11,45 @@ if [[ ${PV} == "9999" ]] ; then KEYWORDS="" else SRC_URI="https://github.com/xaionaro/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz" - KEYWORDS="~x86 ~amd64" + KEYWORDS="~amd64 ~x86" fi -inherit autotools +inherit autotools eutils linux-info DESCRIPTION="Live sync tool based on inotify, written in GNU C" HOMEPAGE="http://ut.mephi.ru/oss/clsync https://github.com/xaionaro/clsync" LICENSE="GPL-3+" SLOT="0" -IUSE="caps cluster control-socket debug doc +examples extra-hardened hardened mhash" +IUSE="+caps cluster control-socket cgroups debug doc +examples +extra-hardened gio hardened +highload-locks +inotify mhash +namespaces seccomp" REQUIRED_USE=" extra-hardened? ( hardened ) mhash? ( cluster )" RDEPEND=" + dev-libs/glib:2 caps? ( sys-libs/libcap ) + cgroups? ( dev-libs/libcgroup ) mhash? ( app-crypt/mhash ) - dev-libs/glib:2 + seccomp? ( sys-libs/libseccomp ) " DEPEND="${RDEPEND} virtual/pkgconfig - doc? ( app-doc/clsync-docs ) + doc? ( ~app-doc/clsync-docs-${PV} ) " +pkg_pretend() { + if use namespaces; then + CONFIG_CHECK="~NAMESPACES ~UTS_NS ~IPC_NS ~USER_NS ~PID_NS ~NET_NS" + check_extra_config + fi +} + src_prepare() { + epatch \ + "${FILESDIR}/${P}-unshare-configure.patch" \ + "${FILESDIR}/${P}-unshare-ifdef.patch" eautoreconf } 
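Review bot: `+caps` in the new IUSE line turns capabilities support on by default, yet the metadata.xml hunk of this commit still describes the flag as "Under development, may not work properly now." At the same time package.use.mask drops the mask on `caps` and pkg_postinst recommends it for improved security, so the flag description contradicts the default. Either update the description (for example `<flag name="caps">Enable capabilities support via sys-libs/libcap.</flag>`) or leave the flag off by default until the warning no longer applies. The same IUSE line is added to clsync-9999.ebuild.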
@@ -49,25 +63,26 @@ src_configure() { --disable-socket-library \ --enable-clsync \ --enable-paranoid=${harden_level} \ - --with-inotify=native \ --without-bsm \ --without-kqueue \ $(use_enable cluster) \ $(use_enable control-socket socket) \ $(use_enable debug) \ + $(use_enable highload-locks) \ + $(use_enable namespaces unshare) \ $(use_with caps capabilities) \ - $(use_with mhash) -} - -src_compile() { - emake + $(use_with cgroups libcgroup) \ + $(use_with gio) \ + $(use_with inotify inotify native) \ + $(use_with mhash) \ + $(use_with seccomp libseccomp) } src_install() { emake DESTDIR="${D}" install # remove unwanted docs - rm "${ED}/usr/share/doc/${PF}"/{LICENSE,TODO} || die "failed to cleanup docs" + rm "${ED}/usr/share/doc/${PF}/LICENSE" || die "failed to cleanup docs" use examples || rm -r "${ED}/usr/share/doc/${PF}/examples" || die "failed to remove examples" newinitd "${FILESDIR}/${PN}.initd-2" "${PN}" @@ -85,6 +100,9 @@ pkg_postinst() { einfo "data transfer. Usually net-misc/rsync is a good choise, but ${PN} is" einfo "is flexible enough to use any user tool, see manual page for details." einfo - einfo "${PN} init script can now be multiplexed, to use symlink init script to" + einfo "${PN} init script can be multiplexed, to use symlink init script to" einfo "othername and use conf.d/othername to configure it." + einfo + einfo "If you're interested in improved security, enable" + einfo "USE=\"caps cgroups hardened namespaces seccomp\"" } diff --git a/app-admin/clsync/clsync-9999.ebuild b/app-admin/clsync/clsync-9999.ebuild index 5682776..e37bbac 100644 --- a/app-admin/clsync/clsync-9999.ebuild +++ b/app-admin/clsync/clsync-9999.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2014 Gentoo Foundation +# Copyright 1999-2015 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 # $Header: $ 
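Review bot: Nothing in this ebuild stops both `gio` and `inotify` from being disabled, in which case the new `$(use_with gio)` and `$(use_with inotify inotify native)` lines expand to `--without-gio --without-inotify` next to the existing `--without-bsm --without-kqueue`, leaving configure with no filesystem-monitoring backend selected. Whether configure then fails or produces a binary that cannot watch anything is not visible here, so it is safer to state the constraint in REQUIRED_USE, e.g. `|| ( gio inotify )`. The same applies to the matching src_configure hunk in clsync-9999.ebuild. src_configure itself begins outside the hunk.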
@@ -11,30 +11,41 @@ if [[ ${PV} == "9999" ]] ; then KEYWORDS="" else SRC_URI="https://github.com/xaionaro/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz" - KEYWORDS="~x86 ~amd64" + KEYWORDS="~amd64 ~x86" fi -inherit autotools +inherit autotools linux-info DESCRIPTION="Live sync tool based on inotify, written in GNU C" HOMEPAGE="http://ut.mephi.ru/oss/clsync https://github.com/xaionaro/clsync" LICENSE="GPL-3+" SLOT="0" -IUSE="caps cluster control-socket debug doc +examples extra-hardened hardened mhash" +IUSE="+caps cluster control-socket cgroups debug doc +examples +extra-hardened gio hardened +highload-locks +inotify mhash +namespaces seccomp" REQUIRED_USE=" extra-hardened? ( hardened ) mhash? ( cluster )" RDEPEND=" + dev-libs/glib:2 caps? ( sys-libs/libcap ) + cgroups? ( dev-libs/libcgroup ) mhash? ( app-crypt/mhash ) - dev-libs/glib:2 + seccomp? ( sys-libs/libseccomp ) " DEPEND="${RDEPEND} virtual/pkgconfig - doc? ( app-doc/clsync-docs ) + doc? ( ~app-doc/clsync-docs-${PV} ) " +pkg_pretend() { + if use namespaces; then + CONFIG_CHECK="~NAMESPACES ~UTS_NS ~IPC_NS ~USER_NS ~PID_NS ~NET_NS" + check_extra_config + fi +} + src_prepare() { eautoreconf } 
@@ -49,25 +60,26 @@ src_configure() { --disable-socket-library \ --enable-clsync \ --enable-paranoid=${harden_level} \ - --with-inotify=native \ --without-bsm \ --without-kqueue \ $(use_enable cluster) \ $(use_enable control-socket socket) \ $(use_enable debug) \ + $(use_enable highload-locks) \ + $(use_enable namespaces unshare) \ $(use_with caps capabilities) \ - $(use_with mhash) -} - -src_compile() { - emake + $(use_with cgroups libcgroup) \ + $(use_with gio) \ + $(use_with inotify inotify native) \ + $(use_with mhash) \ + $(use_with seccomp libseccomp) } src_install() { emake DESTDIR="${D}" install # remove unwanted docs - rm "${ED}/usr/share/doc/${PF}"/{LICENSE,TODO} || die "failed to cleanup docs" + rm "${ED}/usr/share/doc/${PF}/LICENSE" || die "failed to cleanup docs" use examples || rm -r "${ED}/usr/share/doc/${PF}/examples" || die "failed to remove examples" newinitd "${FILESDIR}/${PN}.initd-2" "${PN}" @@ -85,6 +97,9 @@ pkg_postinst() { einfo "data transfer. Usually net-misc/rsync is a good choise, but ${PN} is" einfo "is flexible enough to use any user tool, see manual page for details." einfo - einfo "${PN} init script can now be multiplexed, to use symlink init script to" + einfo "${PN} init script can be multiplexed, to use symlink init script to" einfo "othername and use conf.d/othername to configure it." + einfo + einfo "If you're interested in improved security, enable" + einfo "USE=\"caps cgroups hardened namespaces seccomp\"" } diff --git a/app-admin/clsync/files/clsync-0.4-unshare-configure.patch b/app-admin/clsync/files/clsync-0.4-unshare-configure.patch new file mode 100644 index 0000000..11d8f01 --- /dev/null +++ b/app-admin/clsync/files/clsync-0.4-unshare-configure.patch 
@@ -0,0 +1,38 @@
+commit a13f929cfe4a7fad58c7d814a139efff091601e0
+Author: Dmitry Yu Okunev <dyoku...@ut.mephi.ru>
+Date: Tue Jan 27 15:51:18 2015 +0300
+
+ "unshare()" support is configurable now
+
+diff --git a/configure.ac b/configure.ac
+index f474478..059ade0 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -87,6 +87,17 @@ AS_HELP_STRING(--enable-socket-library,
+ [build libclsync socket library, default: no]))
+ AM_CONDITIONAL([LIBCLSYNC], [test "x$enable_socket_library" = "xyes"])
+
++dnl --enable-unshare
++AC_ARG_ENABLE(unshare,
++AS_HELP_STRING(--enable-unshare,
++[enable support of unshare(), default: yes]), [], [enable_unshare="yes"])
++
++HAVE_UNSHARE=0
++AS_IF([ test "x$enable_unshare" = "xyes" ],
++[
++ AC_CHECK_FUNC([unshare], [HAVE_UNSHARE=1], [AC_MSG_FAILURE([Cannot find function unshare()])])
++])
++
+ dnl --enable-highload-locks
+ AC_ARG_ENABLE(highload-locks,
+ AS_HELP_STRING(--enable-highload-locks,
+@@ -155,9 +166,6 @@ AC_CHECK_FUNC([getmntent], [HAVE_GETMNTENT=1])
+ dnl searching for pivot_root
+ AC_CHECK_FUNC([pivot_root], [HAVE_PIVOTROOT=1])
+
+-dnl searching for unshare
+-AC_CHECK_FUNC([unshare], [HAVE_UNSHARE=1])
+-
+ dnl libcgroup check
+ AC_ARG_WITH(libcgroup,
+ AS_HELP_STRING(--with-libcgroup,
diff --git a/app-admin/clsync/files/clsync-0.4-unshare-ifdef.patch b/app-admin/clsync/files/clsync-0.4-unshare-ifdef.patch
new file mode 100644
index 0000000..84116dd
--- /dev/null
+++ b/app-admin/clsync/files/clsync-0.4-unshare-ifdef.patch
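Review bot: With `--disable-unshare` the added block leaves `HAVE_UNSHARE=0` and prints nothing, so a build without namespace isolation looks the same in the configure output as one with it. An else branch on the `AS_IF`, such as `[AC_MSG_NOTICE([unshare() support disabled: namespace isolation will not be available])]`, would make the weaker configuration visible in build logs. The hunk also does not show how the shell variable `HAVE_UNSHARE` becomes the `UNSHARE_SUPPORT` macro that the companion privileged.c patch tests. It is worth confirming that the configure.ac code outside this hunk still does that mapping now that the `AC_CHECK_FUNC` call has moved.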
@@ -0,0 +1,34 @@
+commit a437518de6813202ab9cef124a6ca085d3eb555d
+Author: Dmitry Yu Okunev <dyoku...@ut.mephi.ru>
+Date: Tue Jan 27 18:56:02 2015 +0300
+
+ Added missed "#ifdef"-s for unshare()
+
+diff --git a/privileged.c b/privileged.c
+index 4b35514..fafd5b7 100644
+--- a/privileged.c
++++ b/privileged.c
+@@ -1747,7 +1747,9 @@ int privileged_init(ctx_t *ctx_p)
+
+ SAFE ( pthread_mutex_lock(pthread_mutex_runner_p), return errno;);
+
++# ifdef UNSHARE_SUPPORT
+ unshare(CLONE_NEWIPC);
++# endif
+
+ switch (ctx_p->flags[SPLITTING]) {
+ case SM_THREAD: {
+@@ -1792,11 +1794,13 @@ int privileged_init(ctx_t *ctx_p)
+ }
+ critical_on(!helper_isalive());
+
++# ifdef UNSHARE_SUPPORT
+ // The rest routines
+ if (ctx_p->flags[DETACH_NETWORK] == DN_NONPRIVILEGED) {
+ SAFE ( cap_enable(CAP_TO_MASK(CAP_SYS_ADMIN)), return errno; );
+ SAFE ( unshare(CLONE_NEWNET), return errno; );
+ }
++# endif
+ SAFE ( cap_drop(ctx_p, 0), return errno; );
+
+ debug(4, "Waiting for the privileged thread to get prepared");
diff --git a/app-admin/clsync/metadata.xml b/app-admin/clsync/metadata.xml
index 1e7dfa2..170733c 100644
--- a/app-admin/clsync/metadata.xml
+++ b/app-admin/clsync/metadata.xml
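Review bot: The return value of `unshare(CLONE_NEWIPC)` is still discarded inside the new `#ifdef UNSHARE_SUPPORT`, while the later `unshare(CLONE_NEWNET)` goes through `SAFE`, so a failed IPC-namespace split goes unnoticed and the process keeps running in the shared namespace. If that failure is meant to be tolerated (for instance when CAP_SYS_ADMIN is not held), it should at least be logged; otherwise use `SAFE ( unshare(CLONE_NEWIPC), return errno; );`. The second `#ifdef` compiles out the `DN_NONPRIVILEGED` branch entirely, so on a build without unshare support a configuration that asks for network detachment appears to be accepted and silently not applied. An `# else` branch that returns an error when `ctx_p->flags[DETACH_NETWORK] == DN_NONPRIVILEGED` would fail closed instead. privileged_init() starts and ends outside both inner hunks, so whether the option is already rejected elsewhere cannot be seen from here.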
@@ -11,12 +11,18 @@ This utility is much more lightweight than competitors and supports such features as separate queue for big files, regex file filter, multi-threading and multicast notifing clsync instances on another nodes to prevent loop - syncing. + syncing. Clsync can use advanced features for isolation: capabilities, cgroups, + namespaces, seccomp, code hardening. </longdescription> <use> <flag name="caps">Capabilities support. Under development, may not work properly now.</flag> <flag name="cluster">Enable clustering support (allows master-master clsync on multiple hosts). Not fully implemented yet.</flag> <flag name="control-socket">Enable AF_UNIX control socket support.</flag> + <flag name="cgroups">Use cgroups to limit /dev access.</flag> <flag name="extra-hardened">Enable extra security checks. This may hurt performance.</flag> + <flag name="gio">Enable GIO for FS monitoring (glib based alternative to inotify interface).</flag> + <flag name="highload-locks">Allows to use spinlocks for short delays instead of mutexes, but only on SMP systems.</flag> + <flag name="namespaces">Enable namespaces isolation.</flag> + <flag name="seccomp">Enable seccomp for system call filtering.</flag> </use> </pkgmetadata> diff --git a/profiles/package.use.mask b/profiles/package.use.mask index 2df15cd..a41d893 100644 --- a/profiles/package.use.mask +++ b/profiles/package.use.mask @@ -1,5 +1,5 @@ # Only real codecs are affected by GLSA 201312-11 media-libs/win32codecs real -# Features are still under development and not working properly -app-admin/clsync caps cluster +# cluster code is still under development and not fully implemented +app-admin/clsync cluster mhash