[Exherbo-dev] Proper network sandboxing

Ciaran McCreesh ciaran.mccreesh at googlemail.com
Tue Aug 25 23:28:17 BST 2009


On Wed, 26 Aug 2009 01:25:55 +0300
Ali Polatel <polatel at gmail.com> wrote:

> In my opinion the easiest and cleanest way to implement this is
> network whitelisting. Which may work like:
> 
> sydboxcmd net/deny # somewhere in ebuild.bash
> sydboxcmd net/whitelist/127.0.0.1:80 # in for example src_test
> 
> which means we'll deny all network connections by default and let the
> exheres author allow them as she/he wishes.
> 
> What do you think?

Do tests typically use a fixed port, or do they pick a random
'available' port and use that?

-- 
Ciaran McCreesh
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://lists.exherbo.org/pipermail/exherbo-dev/attachments/20090825/7d79f5f1/attachment.pgp>


More information about the Exherbo-dev mailing list