On Fri, 22 Sep 2017 12:38:54 +0100
Sergei Trofimovich <sly...@gentoo.org> wrote:

> On Fri, 22 Sep 2017 12:57:21 +0200
> Alexis Ballier <aball...@gentoo.org> wrote:
> 
> > On Fri, 22 Sep 2017 06:07:18 +0200
> > Michał Górny <mgo...@gentoo.org> wrote:
> >   
> > > On Thu, 21.09.2017 at 15:41 -0700, user Matt Turner wrote:
> > > > On Thu, Sep 21, 2017 at 2:25 PM, Michał Górny
> > > > <mgo...@gentoo.org> wrote:      
> > > > > Given that sandbox is utterly broken by design, I don't really
> > > > > want to put too much effort in trying to make it a little
> > > > > better. I'd rather put the minimal effort required to make it
> > > > > not-much-worse.      
> > > > 
> > > > You said in your initial email that you weren't an expert in its
> > > > internals, but here you say it's broken by design. Why do you
> > > > think that?
> > > >       
> > > 
> > > Because it uses LD_PRELOAD which is a huge hack and which causes
> > > guaranteed issues we can't really fix. All we can do is disable
> > > it for emacs, for compiler-rt and I'm afraid this list will grow
> > > because overriding random library functions is never a good idea.
> > >     
> > 
> > I think we're all ears for a better solution. There are probably
> > much better ways to do sandboxing these days than 15 years ago.
> > 
> > LD_PRELOAD does not work with static binaries. Hence the non
> > portable ptrace stuff. Hence bugs. Etc. The point is, that's the
> > best we have now.  
> 
> Some other distros try harder to isolate build environment either
> through chroot and/or private mount/user/network namespace that
> contains only explicitly specified files in build environment.
> 
> That would require more cooperation from package manager to fetch
> list of all visible depends.
> 
> Don't know if drop-in replacement could be implemented for sandbox
> that way. I like clear sandbox error reporting.


We definitely do need a kind of drop-in replacement since PMS
mandates some parts of the sandbox API (addwrite/addpredict & co for
instance).
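The addwrite/addpredict API referred to above, and the "only explicitly listed files are visible" allowlist model Sergei describes, can be illustrated with a small policy checker. This is an added example written for this thread, not code from the Gentoo sandbox or from Portage; the precedence between deny and write prefixes, the decision names, and the build-directory paths are assumptions made for the example, and the normalisation is lexical only (a real sandbox must also resolve symlinks).

```python
import posixpath

# Decisions a sandbox can take for a write attempt. The names are chosen
# for this example; the real sandbox reports violations in its own format.
ALLOW, PREDICT, DENY, VIOLATION = "allow", "predict", "deny", "violation"


class WritePolicy:
    """Allowlist of writable path prefixes, modelled on the addwrite /
    addpredict / adddeny semantics named in the thread:
      - write:   writes under the prefix are permitted
      - predict: writes under the prefix are pretended to succeed and
                 raise no violation
      - deny:    writes under the prefix are refused; in this example
                 deny takes precedence over write (an assumption)
    Anything matching none of the lists is a violation."""

    def __init__(self, write=(), predict=(), deny=()):
        self.write = [self._normalize(p) for p in write]
        self.predict = [self._normalize(p) for p in predict]
        self.deny = [self._normalize(p) for p in deny]

    @staticmethod
    def _normalize(path):
        # Lexical normalisation only: collapses '.', '..' and repeated
        # slashes, so "/var/tmp/portage/x/../../../../etc/passwd" is
        # compared as "/etc/passwd". A real sandbox must additionally
        # resolve symlinks (os.path.realpath) so that a link inside the
        # build directory cannot redirect the write elsewhere.
        if not path.startswith("/"):
            raise ValueError("paths must be absolute: %r" % path)
        return posixpath.normpath(path)

    @staticmethod
    def _under(path, prefix):
        # Match on whole path components: "/var/tmp/portage" covers
        # "/var/tmp/portage/x" but not "/var/tmp/portage2/x".
        if prefix == "/":
            return True
        return path == prefix or path.startswith(prefix + "/")

    def check_write(self, path):
        """Classify a write attempt to `path` under this policy."""
        path = self._normalize(path)
        if any(self._under(path, p) for p in self.deny):
            return DENY
        if any(self._under(path, p) for p in self.write):
            return ALLOW
        if any(self._under(path, p) for p in self.predict):
            return PREDICT
        return VIOLATION

    def audit(self, path):
        """One-line human-readable report of the decision. The format is
        constructed for this example, not the sandbox's own."""
        decision = self.check_write(path)
        return "write %s: %s" % (self._normalize(path), decision.upper())


# Constructed policy resembling a per-package build directory allowlist.
EXAMPLE_POLICY = WritePolicy(
    write=["/var/tmp/portage/pkg-1.0"],
    predict=["/dev/null", "/proc/self/fd"],
    deny=["/var/tmp/portage/pkg-1.0/image/etc/shadow"],
)


if __name__ == "__main__":
    # Constructed sample accesses: an ordinary build write, a '..' escape
    # attempt, a lookalike prefix, a predicted path and a denied path.
    for p in ["/var/tmp/portage/pkg-1.0/work/a.o",
              "/var/tmp/portage/pkg-1.0/../../../../etc/passwd",
              "/var/tmp/portage/pkg-1.0x/work/a.o",
              "/dev/null",
              "/var/tmp/portage/pkg-1.0/image/etc/shadow"]:
        print(EXAMPLE_POLICY.audit(p))
```

The component-boundary check in `_under` and the normalisation before matching are the two places where a naive prefix comparison goes wrong; the example deliberately exercises both. Whatever the enforcement mechanism (LD_PRELOAD, ptrace or a namespace with only listed files mounted), this decision logic is the part a drop-in replacement would have to keep compatible with the PMS API.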
