mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-10-10 15:01:50 +02:00
Code Issues Packages Projects Releases Wiki Activity

profiles: enable ipc and network sandboxing

Browse Source 
Another day, another intermittent build failure because the local xml
docbook catalog didn't work right and the xml parser also failed to
fetch the schema over the network. Configure portage to use network
namespaces to prevent such situations from ever working in the first
place so at least the errors are unlikely to be intermittent.

For the sake of completeness use ipc namespaces too but that is less
likely to actually be a factor in our builds.
This commit is contained in:
Michael Marineau 2014-12-09 14:14:48 -08:00
parent 4891564ed3
commit 88c131cfd6
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/make.defaults vendored
View File

@ -74,7 +74,8 @@ CCACHE_SIZE="2.5G"
# Always build binary packages, remove old build logs, avoid running as root. # Always build binary packages, remove old build logs, avoid running as root.
FEATURES="buildpkg ccache clean-logs compressdebug parallel-install splitdebug FEATURES="buildpkg ccache clean-logs compressdebug parallel-install splitdebug
userfetch userpriv usersandbox -merge-sync" userfetch userpriv usersandbox ipc-sandbox network-sandbox
-merge-sync"
# No need to restrict access to build directories in dev environments. # No need to restrict access to build directories in dev environments.
PORTAGE_WORKDIR_MODE="0755" PORTAGE_WORKDIR_MODE="0755"