diff options
author | Michał Górny <mgorny@gentoo.org> | 2018-12-12 18:36:48 +0100 |
---|---|---|
committer | Michał Górny <mgorny@gentoo.org> | 2018-12-12 19:41:25 +0100 |
commit | 55a9d4ccc5ac90b454638f9205f8a5d20ca8b47a (patch) | |
tree | 0efcb610a995be44b4dbd8fb840d615d47ff9589 /cnf | |
parent | doebuild: add missing whitespace in warning message (diff) | |
download | portage-55a9d4ccc5ac90b454638f9205f8a5d20ca8b47a.tar.gz portage-55a9d4ccc5ac90b454638f9205f8a5d20ca8b47a.tar.bz2 portage-55a9d4ccc5ac90b454638f9205f8a5d20ca8b47a.zip |
Enable {ipc,network,pid}-sandbox by default
The sandboxes are stable enough to be enabled by default, and they all
prevent undesirable situations. Furthermore, they all gracefully handle
missing namespace support.
Reviewed-by: Zac Medico <zmedico@gentoo.org>
Signed-off-by: Michał Górny <mgorny@gentoo.org>
Diffstat (limited to 'cnf')
-rw-r--r-- | cnf/make.globals | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/cnf/make.globals b/cnf/make.globals index d394a1890..1bcc7ce64 100644 --- a/cnf/make.globals +++ b/cnf/make.globals @@ -52,10 +52,11 @@ FETCHCOMMAND_SFTP="bash -c \"x=\\\${2#sftp://} ; host=\\\${x%%/*} ; port=\\\${ho # Default user options FEATURES="assume-digests binpkg-docompress binpkg-dostrip binpkg-logs config-protect-if-modified distlocks ebuild-locks - fixlafiles merge-sync multilib-strict news - parallel-fetch preserve-libs protect-owned - sandbox sfperms strict unknown-features-warn unmerge-logs - unmerge-orphans userfetch userpriv usersandbox usersync" + fixlafiles ipc-sandbox merge-sync multilib-strict + network-sandbox news parallel-fetch pid-sandbox + preserve-libs protect-owned sandbox sfperms strict + unknown-features-warn unmerge-logs unmerge-orphans userfetch + userpriv usersandbox usersync" # Ignore file collisions in /lib/modules since files inside this directory # are never unmerged, and therefore collisions must be ignored in order for |