Add FEATURES=network-sandbox support, bug #481450

This way, only privileged phases (pkg_* and src_unpack) have network access during the ebuild run. All of the src_* phases are completely detached from host's network interfaces.
author: Michał Górny <mgorny@gentoo.org> 2013-08-17 12:28:05 +0200
committer: Zac Medico <zmedico@gentoo.org> 2013-08-17 13:38:53 -0700
commit: 39db5201e087156ed46f6cac4dc9a69a2f3cc81c (patch)
tree: f73f9bd104b3917652658092cdb97f7cec4d2e56 /man
parent: Fix last commit. (diff)
download: portage-39db5201e087156ed46f6cac4dc9a69a2f3cc81c.tar.gz
portage-39db5201e087156ed46f6cac4dc9a69a2f3cc81c.tar.bz2
portage-39db5201e087156ed46f6cac4dc9a69a2f3cc81c.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/man/make.conf.5 b/man/make.conf.5
index 63e2097ea..461172c9b 100644
--- a/man/make.conf.5
+++ b/man/make.conf.5
@@ -415,6 +415,10 @@ isn't a symlink to /usr/lib64. To find the bad packages, we have a
 portage feature called \fImultilib\-strict\fR. It will prevent emerge
 from putting 64bit libraries into anything other than (/usr)/lib64.
 .TP
+.B network\-sandbox
+Isolate the ebuild phase functions from host network interfaces.
+Supported only on Linux. Requires network namespace support in kernel.
+.TP
 .B news
 Enable GLEP 42 news support. See
 \fIhttp://www.gentoo.org/proj/en/glep/glep-0042.html\fR.
author	Michał Górny <mgorny@gentoo.org>	2013-08-17 12:28:05 +0200
committer	Zac Medico <zmedico@gentoo.org>	2013-08-17 13:38:53 -0700
commit	39db5201e087156ed46f6cac4dc9a69a2f3cc81c (patch)
tree	f73f9bd104b3917652658092cdb97f7cec4d2e56 /man
parent	Fix last commit. (diff)
download	portage-39db5201e087156ed46f6cac4dc9a69a2f3cc81c.tar.gz portage-39db5201e087156ed46f6cac4dc9a69a2f3cc81c.tar.bz2 portage-39db5201e087156ed46f6cac4dc9a69a2f3cc81c.zip