diff options
Diffstat (limited to 'share')
| -rw-r--r-- | share/man/man5/bsd.port.mk.5 | 23 | ||||
| -rw-r--r-- | share/man/man7/ports.7 | 17 |
2 files changed, 38 insertions, 2 deletions
diff --git a/share/man/man5/bsd.port.mk.5 b/share/man/man5/bsd.port.mk.5 index c82ef0488cc..c4031023b6e 100644 --- a/share/man/man5/bsd.port.mk.5 +++ b/share/man/man5/bsd.port.mk.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: bsd.port.mk.5,v 1.114 2003/07/25 12:54:42 espie Exp $ +.\" $OpenBSD: bsd.port.mk.5,v 1.115 2003/07/28 17:37:10 sturm Exp $ .\" .\" Copyright (c) 2000 Marc Espie .\" @@ -1033,6 +1033,8 @@ if platform does not support shared libraries. To be tested after including .Nm bsd.port.mk , if neither PFRAG.shared nor CONFIGURE_SHARED are enough. +.It Ev NO_SYSTRACE +Port does not build with systrace enabled build targets. .It Ev ONLY_FOR_ARCHS List of architectures on which this port builds. Can hold both processor-specific information (e.g., m68k), and more @@ -1320,6 +1322,19 @@ Defaults to .Pa /etc , should never be set to .Pa /usr/local/etc . +.It Ev SYSTRACE_FILTER +Location of the systrace filter file which is the basis for a port's +actual systrace policy file. +Defaults to +.Pa ${PORTSDIR}/infrastructure/db/systrace.filter . +.It Ev SYSTRACE_SUBST_VARS +List of variables used in ${SYSTRACE_FILTER} that will be substituted +by their real value when creating the systrace policy file. +Always holds +.Ev WRKOBJDIR , +.Ev PORTSDIR , +and +.Ev DISTDIR . .It Ev TAR Name of the tar binary. .It Ev TEMPLATES @@ -1408,6 +1423,12 @@ setting creates an extra flavor choice of .Sq lesstif . See also .Ev MOTIFLIB +.It Ev USE_SYSTRACE +Set to +.Sq Yes +to protect port building with systrace. +Set by the user, e.g. in +.Pa /etc/mk.conf . .It Ev USE_X11 Set to .Sq Yes diff --git a/share/man/man7/ports.7 b/share/man/man7/ports.7 index df430b0dc34..351b4a69f9e 100644 --- a/share/man/man7/ports.7 +++ b/share/man/man7/ports.7 @@ -23,7 +23,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ports.7,v 1.35 2003/06/22 13:21:50 sturm Exp $ +.\" $OpenBSD: ports.7,v 1.36 2003/07/28 17:37:11 sturm Exp $ .\" $FreeBSD: ports.7,v 1.7 1998/06/23 04:38:50 hoek Exp $ .\" .Dd January 25, 1998 @@ -451,6 +451,19 @@ If defined, display verbose output when applying each patch. If defined, only operate on a port if it requires interaction. .It Ev BATCH If defined, only operate on a port if it can be installed 100% automatically. +.It Ev USE_SYSTRACE +Set to +.Sq Yes +to protect the +.Ar configure , build , +and +.Ar fake +targets with +.Xr systrace 1 . +This way it is ensured that ports do not make any network connections +during build or write outside some well defined directories. +The filter list is stored in +.Pa ${PORTSDIR}/infrastructure/db/systrace.filter . .El .Sh USING A READ-ONLY PORTS TREE Select read-write partition(s) that can accommodate working directories, the @@ -478,6 +491,8 @@ The ports main engine. Network configuration defaults. .It Pa /usr/ports/infrastructure/db/network.conf Local network configuration. +.It Pa /usr/ports/infrastructure/db/systrace.filter +Filter list for systrace. .It Pa /usr/ports/infrastructure/db/user.list List of users and groups created by ports. .El |