original idea from jsyn@, discussed and first tests at c2k3
Warning!
- this commit is different from all patches sent around, please remove
them before updating
- due to a few bugs in systrace this is currently not ready for the casual
porter and several ports will fail to build, you've been warned
The idea of this patch is to help a porter when developing a new port.
With systrace the configure, build and fake stages are not allowed to
open network connections or write outside some well defined directories.
This way misbehaving programs will be noticed due to logfile entries in
/var/log/messages and the port can be fixed. There is generally no need
for endusers to use this, as the checksum ensures that ports in the
future will behave the same as they did when porting. :)
To activate systrace'd port building, set USE_SYSTRACE=Yes (e.g. in
/etc/mk.conf)
tested by some people, ok espie@
This is work-in-progress. Supplemental hooks will be added when they
become necessary.
The goal is to permit separate subsystems to tweak the package building
process slightly. This should help e.g., python or qt2, for instance.
Documentation will come when it's tested more thoroughly...
