I've been messing around with namespaces and some of what systemd has
been doing with them, and I have an idea for a portage feature.
But before doing a brain dump of ideas, how useful would it be to have
a FEATURE for portage to do a limited-visibility build? That is, the
build would be run in an environment where the root filesystem appears
to contain everything in a DEPEND (including @system currently) and
nothing else? It might be useful both in development/testing, and
also in production use (not sure how performance would work in the
real world - I was able in a script to get it to build an enviornment
in a few seconds for a few packages).
I really crazy idea would be to try to run packages in a similar
environment, but I think that needs better kernel/etc level support
since the performance hit would be much more noticeable, except for
things like daemons that only start once.
Implementing it wouldn't necessarily be hard - just create a tmpfs
under /var/tmp/portage, unshare off a new mount namespace, and
read-only bind-mount everything needed from the root filesystem
(including /var/tmp/portage/...), and chroot into it. When the build
is done the process governing it terminates and the kernel wipes out
all the mounts and then portage unmounts the tmpfs. You wouldn't need
to use a tmpfs for the build - it would actually be zero-size as
reported by df since it just contains a bazillion bind mounts, though
all those mounts would consume slab memory.