sandbox: move away from separate macossandbox
authorFabian Groffen <grobian@gentoo.org>
Fri, 23 Dec 2011 10:24:27 +0000 (11:24 +0100)
committerFabian Groffen <grobian@gentoo.org>
Fri, 23 Dec 2011 10:24:27 +0000 (11:24 +0100)
Dropped the prefixsandbox feature (protection at the path level of $EPREFIX), to
align more closely with the master branch.
Made macossandbox and macosusersandbox an execution mode of sandbox on
OSX platforms.
Documented that OS X sandbox is used, but that it is awfully slow (hence
sandbox is still not enabled by default for OSX (in Prefix)).

man/make.conf.5
pym/portage/package/ebuild/doebuild.py

index c27a69f28600d15b0b08f145d51862e13faaa61f..c2351bd186ea431c9032031efd0983dde175e950 100644 (file)
@@ -439,6 +439,10 @@ Output a verbose trace of python execution to stderr when a command's
 .TP
 .B sandbox
 Enable sandbox\-ing when running \fBemerge\fR(1) and \fBebuild\fR(1).
+On Mac OS X platforms that have /usr/bin/sandbox-exec available (10.5
+and later), this particular sandbox implementation is used instead of
+sys-apps/sandbox.  Note that using Mac OS X sandbox slows down the
+emerge process considerably, in particular for write operations.
 .TP
 .B sesandbox
 Enable SELinux sandbox\-ing.  Do not toggle this \fBFEATURE\fR yourself.
index 656d9ee2d324b04b8661bae3bffb40678f383692..083e0cefbcb06b24dbd262810cf6fc3a38288a30 100644 (file)
@@ -1212,15 +1212,13 @@ def _spawn_actionmap(settings):
        restrict = settings["PORTAGE_RESTRICT"].split()
        nosandbox = (("userpriv" in features) and \
                ("usersandbox" not in features) and \
-               ("macosusersandbox" not in features) and \
                "userpriv" not in restrict and \
                "nouserpriv" not in restrict)
        if nosandbox and ("userpriv" not in features or \
                "userpriv" in restrict or \
                "nouserpriv" in restrict):
                nosandbox = ("sandbox" not in features and \
-                       "usersandbox" not in features and \
-                       "macosusersandbox" not in features)
+                       "usersandbox" not in features)
 
        if not portage.process.sandbox_capable:
                nosandbox = True
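Review bot: The unchanged guard `if not portage.process.sandbox_capable:` at the end of this hunk only considers sys-apps/sandbox, while the `spawn()` hunk below also accepts `portage.process.macossandbox_capable`. On an OS X host that has only sandbox-exec, this would presumably force `nosandbox` to True even with FEATURES=sandbox set, so the affected phases would run unconfined with no message. How `nosandbox` is consumed lies outside the hunk, so confirm against the rest of `_spawn_actionmap`. Consider `if not (portage.process.sandbox_capable or portage.process.macossandbox_capable):` so both code paths agree.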
@@ -1386,26 +1384,13 @@ def spawn(mystring, mysettings, debug=0, free=0, droppriv=0, sesandbox=0, fakero
        # fake ownership/permissions will have to be converted to real
        # permissions in the merge phase.
        fakeroot = fakeroot and uid != 0 and portage.process.fakeroot_capable
-       macossandbox = ("macossandbox" in features or \
-               "macosusersandbox" in features)
        if droppriv and not uid and portage_gid and portage_uid:
                keywords.update({"uid":portage_uid,"gid":portage_gid,
                        "groups":userpriv_groups,"umask":0o02})
        if not free:
-               free=((droppriv and "usersandbox" not in features and
-                       "macosusersandbox" not in features) or \
+               free=((droppriv and "usersandbox" not in features) or \
                        (not droppriv and "sandbox" not in features and \
-                       "usersandbox" not in features and not fakeroot and \
-                       not macossandbox))
-
-       # confining the process to a prefix sandbox is disabled by default, if
-       # a normal sandbox is requested a this point, it will be used, if no
-       # sandbox is requested, a prefix sandbox will be imposed if requested
-       # by the appropriate features
-       prefixsandbox = False
-       if free:
-               prefixsandbox = "macosprefixsandbox" in features
-               free = not prefixsandbox
+                       "usersandbox" not in features and not fakeroot))
 
        if not free and not (fakeroot or portage.process.sandbox_capable or \
                portage.process.macossandbox_capable):
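Review bot: With the `macossandbox`, `macosusersandbox` and `macosprefixsandbox` tests removed from the `free` computation, a configuration that lists only those names in FEATURES now evaluates to `free` and appears to run the build phases with no sandbox at all. Nothing in the visible lines tells the user that the confinement they configured is gone. A one-time warning before `free` is computed, emitted when any of the three obsolete names is present in `features` and pointing at `sandbox`/`usersandbox` as the replacement, would make the downgrade visible. `spawn()` begins and ends outside this hunk, so such a check may already exist elsewhere.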
@@ -1424,12 +1409,9 @@ def spawn(mystring, mysettings, debug=0, free=0, droppriv=0, sesandbox=0, fakero
                keywords["opt_name"] += " fakeroot"
                keywords["fakeroot_state"] = os.path.join(mysettings["T"], "fakeroot.state")
                spawn_func = portage.process.spawn_fakeroot
-       elif macossandbox:
+       elif sandbox and platform.system() == 'Darwin':
                keywords["opt_name"] += " macossandbox"
-               if prefixsandbox:
-                       sbprefixpath = mysettings["EPREFIX"]
-               else:
-                       sbprefixpath = mysettings["PORTAGE_BUILDDIR"]
+               sbprefixpath = mysettings["PORTAGE_BUILDDIR"]
 
                # escape some characters with special meaning in re's
                sbprefixre = sbprefixpath.replace("+", "\+")
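Review bot: The new condition `elif sandbox and platform.system() == 'Darwin':` uses a name `sandbox` that none of the visible hunks bind now that the `macossandbox` local is deleted, and a `platform` module that no visible line imports. If either is missing from the rest of the file, this branch raises NameError instead of sandboxing. It also keys on the operating system rather than on whether sandbox-exec is present, which is the criterion the man page text gives. Since this branch appears to be reached only when a sandbox is wanted, `elif portage.process.macossandbox_capable:` would express that directly and match the capability test in the previous hunk. `spawn()` continues past the end of this hunk.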