diff options
| author |   Michał Górny <mgorny@gentoo.org> | 2013-08-19 01:22:59 +0200 |
|---|---|---|
| committer |   Zac Medico <zmedico@gentoo.org> | 2013-08-18 16:31:01 -0700 |
| commit | f0711200ce35920552962190c9a1f7b98d107070 (patch) | |
| tree | f7a5228f64b4fb9a4a15d61aac1f64f51b01367d /man | |
| parent | archive-conf: fix for python3, bug #481518 (diff) | |
| download | portage-f0711200ce35920552962190c9a1f7b98d107070.tar.gz portage-f0711200ce35920552962190c9a1f7b98d107070.tar.bz2 portage-f0711200ce35920552962190c9a1f7b98d107070.zip | |
Add FEATURES=ipc-sandbox to isolate IPC from host.
This way, only privileged phases (pkg_*) can use *nix IPC to communicate
with host applications. src_* use private IPC namespace.
Diffstat (limited to 'man')
| -rw-r--r-- | man/make.conf.5 | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/man/make.conf.5 b/man/make.conf.5 index 461172c9b..91817aec5 100644 --- a/man/make.conf.5 +++ b/man/make.conf.5 @@ -385,6 +385,10 @@ would otherwise be useless with prefix configurations. This brings compatibility with the prefix branch of portage, which also supports EPREFIX for all EAPIs (for obvious reasons). .TP +.B ipc\-sandbox +Isolate the ebuild phase functions from host IPC namespace. Supported +only on Linux. Requires network namespace support in kernel. +.TP .B lmirror When \fImirror\fR is enabled in \fBFEATURES\fR, fetch files even when \fImirror\fR is also in the \fBebuild\fR(5) \fBRESTRICT\fR variable. |