Dnia 2015-01-21, o godz. 11:05:34 Michał Górny <mgo...@gentoo.org> napisał(a):
> Generic proxy solution > ---------------------- > > The simplest solution so far seems to be setting a generic SOCKS proxy > inside the build environment, and wrapping distcc so that it will use > it for network access. > > Unless we do some extra magic which don't want to do, this means that > other apps can also abuse the proxy to reach outside sandbox. However, > network-sandbox is not really a security feature, so I don't think that > is important. At least as long as we don't export it globally :). > > Of course, software is a problem. We'd need at least some SOCKS server > for Portage (at least a very simple one), and as far as I'm aware > distcc does not support SOCKS directly, so tsocks in addition to that. So finally went this way instead. I've implemented a simple SOCKSv5 server over UNIX sockets [1] and wrote a patch adding SOCKSv5 support to distcc [2,3]. With the two patches, everything works perfectly for me :). [1]:http://article.gmane.org/gmane.linux.gentoo.portage.devel/5142 [2]:https://code.google.com/p/distcc/issues/detail?id=149 [3]:https://bugs.gentoo.org/show_bug.cgi?id=537616 -- Best regards, Michał Górny
pgpuy8pRvnWQr.pgp
Description: OpenPGP digital signature
