From owner-freebsd-ports@FreeBSD.ORG Sat Aug 20 13:43:49 2011 Return-Path: Delivered-To: ports@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C70481065672 for ; Sat, 20 Aug 2011 13:43:49 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from glenbarber.us (onyx.glenbarber.us [199.48.134.227]) by mx1.freebsd.org (Postfix) with SMTP id 770478FC1A for ; Sat, 20 Aug 2011 13:43:49 +0000 (UTC) Received: (qmail 86254 invoked by uid 0); 20 Aug 2011 09:43:48 -0400 Received: from unknown (HELO schism.local) (gjb@76.124.49.145) by 0 with SMTP; 20 Aug 2011 09:43:48 -0400 Message-ID: <4E4FBA13.4050009@FreeBSD.org> Date: Sat, 20 Aug 2011 09:43:47 -0400 From: Glen Barber User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:6.0) Gecko/20110812 Thunderbird/6.0 MIME-Version: 1.0 To: Kostik Belousov References: <4E4F95FD.907@FreeBSD.org> <20110820115203.GH17489@deviant.kiev.zoral.com.ua> <4E4FA589.7070303@FreeBSD.org> <20110820124443.GJ17489@deviant.kiev.zoral.com.ua> In-Reply-To: <20110820124443.GJ17489@deviant.kiev.zoral.com.ua> X-Enigmail-Version: 1.3 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Cc: ports@freebsd.org Subject: Re: [Request for Comments] Adding a JAILED meta-variable to bsd.port.mk X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 20 Aug 2011 13:43:49 -0000 On 8/20/11 8:44 AM, Kostik Belousov wrote: >> One thing I can think of off-hand to fix this in that case is setting a >> local environment variable to disable a check for security.jail.jailed. >> Would this be an ok solution for those cases? If not, I happily agree >> that this change should not be made then. >> >> I have an updated patch to bsd.port.mk that looks for a local >> environment variable, PKGJAIL - if it is set, then JAILED is unset. >> Would this be acceptable? > The change would require user to do a configuration for a thing that > previously just worked. What is the point ? > I suppose the specific problem I am trying to solve is a case where a user builds a port within a jail with the expectation that the port will in fact run within the jail with little or no changes. Perhaps security/sshguard-pf and databases/postgresql*-server are not the most ideal examples of where this would be relevant. I agree that a configuration change for something that worked before is not the best solution. So, I retract this change proposal. Again, thank you for the feedback and pointing out that this would have had negative impact on those using jails for package building. Regards, Glen -- Glen Barber | gjb@FreeBSD.org FreeBSD Documentation Project