Subject: Re: systrace(4) policies in pkgsrc
To: Greg Troxel <gdt@ir.bbn.com>
From: Blair Sadewitz <blair.sadewitz@gmail.com>
List: pkgsrc-users
Date: 11/14/2006 13:20:08
1) Given the amount of resources, I think it's practical to do this
only for NetBSD for now.
2) I think the setup should be similar to the rc.d scripts:
installation to ${LOCALBASE}/share/systrace unless
PKG_SYSTRACE_POLICIES is set, and then they are installed to
SYSTRACE_POLICIES_DIR, which defaults to ${PKG_SYSCONFBASE}/systrace.
This way users which eventually want to place them on a read-only
filesystem can do so at their convenience, or they can be installed
auto-magically, etc.
3) I think that until they've received a lot of testing, it should be
part of the options framework. Therefore systrace policies could be
enabled on a per-package basis or globally (PKG_OPTION_DEFAULT vs.
PKG_OPTIONS.pkgname).
--Blair
--
Support WFMU-FM: free-form radio for the masses!
<http://www.wfmu.org/>
91.1 FM Jersey City, NJ
90.1 FM Mt. Hope, NY
"The Reggae Schoolroom":
<http://www.wfmu.org/playlists/RS/>