Exherbo

Sydbox-0.1_beta7 is released. Fix magic stat problems on x86. Fix segmentation faults caused by wrong handling of the list of children. tarball: sydbox-0.1_beta7.tar.bz2sign: sydbox-0.1_beta7.tar.bz2.ascsha1sum: 512b890ded05b59866fd6826f2f4af2a7b5366ec

Sydbox-0.1_beta7 is released. Fix magic stat problems on x86. Fix segmentation faults caused by wrong handling of the list of children. tarball: sydbox-0.1_beta7.tar.bz2sign: sydbox-0.1_beta7.tar.bz2.ascsha1sum: 512b890ded05b59866fd6826f2f4af2a7b5366ec

Sydbox-0.1_beta7 is released. Fix magic stat problems on x86. Fix segmentation faults caused by wrong handling of the list of children. tarball: sydbox-0.1_beta7.tar.bz2sign: sydbox-0.1_beta7.tar.bz2.ascsha1sum: 512b890ded05b59866fd6826f2f4af2a7b5366ec

Sydbox-0.1_beta7 is released. Fix magic stat problems on x86. Fix segmentation faults caused by wrong handling of the list of children. tarball: sydbox-0.1_beta7.tar.bz2sign: sydbox-0.1_beta7.tar.bz2.ascsha1sum: 512b890ded05b59866fd6826f2f4af2a7b5366ec

It’s been a while since Ciaranm McCreesh started working on SUMMER, but now it finally found a proper place on Exherbo infrastructure: http://summer.exherbo.org/. SUMMER, also known as Statically Updated Metadata Manifestation for Exherbo ... [More] Repositories is an online browser for Exherbo packages. It’s written in Ruby, using Paludis’ Ruby bindings and ERB, a Ruby templating engine. Currently, packages’ metadata from all official repositories, plus all repositories included in the set of unofficial repositories known as ::unavailable-unofficial is available. Especially the integration of unofficial repositories,as an important part of Exherbo, makes SUMMER different from its counterparts in other distributions. The code is available on our gitweb. Suggestions, especially accompanied by git-format-patches, are highly welcomed! There’s a short wishlist in the README, which is hopefully going to start shrinking soon. [Less]

sydbox-0.1_beta5 is released. Implement /dev/sydbox/{un,}ban_exec. paludis-sydbox branch makes use of these magic commands to ban execve() calls in metadata phase. When shell_expand() returns empty string, it was added to the pathlist resulting ... [More] every path prefix check to be allowed, this is now fixed. tarball: sydbox-0.1_beta5.tar.bz2 sha1sum: 2b02bc204148f94bb79b7a5b190f1d2069394ecb [Less]

Sydbox-0.1_beta4 is released. Use an lstat(2) wrapper which tries hard to avoid ENAMETOOLONG issues. Handle /proc/self correctly when resolving paths. tarball: sydbox-0.1_beta4.tar.bz2sha1sum: ebc650689267539e22da1c1dc2aec818b29382c6

Running external commands in the metadata phase of exheres/ebuild is obviously abad idea because this phase is used to generate caches. Ciaranm has come up with an idea to generate Sydbox access violations whenexecve() family functions are called in ... [More] the metadata phase. This was rather easyto implement. I’ve added two Sydbox magic commands, namely /dev/sydbox/ban_exec and/dev/sydbox/unban_exec . Writing to the former file sets the flag to ban allexecve() calls and writing to the latter unsets the flag. A small example looks like: #!/bin/sh /bin/true # This call succeeds. :>/dev/sydbox/ban_exec /bin/true # This call fails with EACCES. :>/dev/sydbox/unban_exec /bin/true # This call succeeds. The last thing to do was to add support to Paludis.I’ve amended my sydbox support commit and added support to ban execve() calls in the metadata phase.If you’re using my paludis-sydbox branch, make sure to use sydbox-scm and not0.1_beta4. I think I’ll release 0.1_beta5 with only this change but I haveschool tomorrow and I won’t have internet access for two days. [Less]

Sydbox-0.1_beta4 is released. Use an lstat(2) wrapper which tries hard to avoid ENAMETOOLONG issues. Handle /proc/self correctly when resolving paths. tarball: sydbox-0.1_beta4.tar.bz2sha1sum: ebc650689267539e22da1c1dc2aec818b29382c6

Running external commands in the metadata phase of exheres/ebuild is obviously abad idea because this phase is used to generate caches. Ciaranm has come up with an idea to generate Sydbox access violations whenexecve() family functions are called in ... [More] the metadata phase. This was rather easyto implement. I’ve added two Sydbox magic commands, namely /dev/sydbox/ban_exec and/dev/sydbox/unban_exec . Writing to the former file sets the flag to ban allexecve() calls and writing to the latter unsets the flag. A small example looks like: #!/bin/sh /bin/true # This call succeeds. :>/dev/sydbox/ban_exec /bin/true # This call fails with EACCES. :>/dev/sydbox/unban_exec /bin/true # This call succeeds. The last thing to do was to add support to Paludis.I’ve amended my sydbox support commit and added support to ban execve() calls in the metadata phase.If you’re using my paludis-sydbox branch, make sure to use sydbox-scm and not0.1_beta4. I think I’ll release 0.1_beta5 with only this change but I haveschool tomorrow and I won’t have internet access for two days. [Less]