Subject: systrace(4) policies in pkgsrc
To: None <firstname.lastname@example.org>
From: Blair Sadewitz <email@example.com>
Date: 11/14/2006 01:41:22
I thought I'd throw this out for discussion:

Does anyone have any ideas on how systrace policies for packages could
be implemented in pkgsrc? The solution that immediately comes to mind
is adding a 'systrace' option for each package with an included
policy. This way it could be set per-package or in
PKG_DEFAULT_OPTIONS. IIRC they do this with some OpenBSD ports, but
it's been so long since I used OpenBSD, I can't go into detail. Of
course, pkgsrc is multiplatform, unlike OpenBSD ports, so obviously
not all target platforms will have a systrace facility; hence the use
of the options framework.

I got this idea tonight while setting up GNOME, as there are daemons
that must run as root which make me nervous. Moreover, audio servers
such as jackd and other things which need to change their execution
priorities could be wrapped with systrace as well.

I haven't experimented with systrace enough, but it's on my
exponentially-growing to-do list. :)
Support WFMU-FM: free-form radio for the masses!
91.1 FM Jersey City, NJ
90.1 FM Mt. Hope, NY
"The Reggae Schoolroom":