Timestamp:
Jul 24, 2006, 5:55:44 AM (13 years ago)
Author:
pguyot (Paul Guyot)
Message:

option -t update : now creations (and file write) outside workpath, and
temporary directories are forbidden (instead of just being reported).

Notes:

file deletions aren't forbidden.
there are other ways to alter the filesystem that aren't trapped and watched.

This works with the following changes:

  • darwintracelib1.0 now can forbid creations/writing outside the sandbox. This is controlled at compile time with a global variable to define the sandbox bounds.
  • option -t of port(1) now uses this feature and reports the violations
  • trace test was updated to work with this new feature (actually, I realized the test only passed on my box because the $pwd was hard coded).
File:
1 edited

  • trunk/base/src/port1.0/portutil.tcl

    r18144 r18709  
    11# et:ts=4
    22# portutil.tcl
    3 # $Id: portutil.tcl,v 1.192 2006/05/29 16:57:03 mww Exp $
     3# $Id: portutil.tcl,v 1.193 2006/07/24 05:55:44 pguyot Exp $
    44#
    55# Copyright (c) 2004 Robert Shaw <rshaw@opendarwin.org>
     
    636636                                && $target != "clean")} {
    637637                                trace_start $workpath
     638
     639                                # Enable the fence to prevent any creation/modification
     640                                # outside the sandbox.
     641                                if {$target != "activate"
     642                                        && $target != "archive"
     643                                        && $target != "fetch"
     644                                        && $target != "install"} {
     645                                        trace_enable_fence
     646                                }
    638647                        }
    639648
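Review bot: The comment at new lines 639-640 says the fence prevents "any creation/modification outside the sandbox", but the commit message itself notes that file deletions aren't forbidden and that other ways to alter the filesystem aren't trapped. Please narrow the comment to what is actually enforced (creations and file writes outside the workpath and temporary directories) so that nobody reads the fence as a complete containment boundary. The four exempted targets (activate, archive, fetch, install) also deserve a one-line explanation of why they run unfenced, and since this list is the whole policy for which phases may write outside the workpath, it would be easier to audit as a single named list than as an inline chain of `$target != ...` tests.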
     
    709718                                }
    710719                                trace_check_deps $target $depsPorts
     720                                trace_check_violations
    711721                               
    712                                 # Check files that were created.
    713                                 if {$target != "activate"
    714                                         && $target != "archive"
    715                                         && $target != "fetch"
    716                                         && $target != "install"} {
    717                                         trace_check_create
    718                                 }
    719 
    720722                                # End of trace.
    721723                                trace_stop
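Review bot: trace_check_violations at new line 720 is called without the target guard that wrapped the removed trace_check_create (old lines 713-718), while trace_enable_fence in the earlier hunk is only called when the target is not activate, archive, fetch or install. Please confirm that trace_check_violations reports nothing when the fence was never enabled, or put it behind the same condition, so that the exempted targets cannot surface spurious violations. The call's result is also not used in the visible lines; if a violation is meant to do more than be reported, this is the place to say so in a comment or to act on the result.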