various ebuilds (screen, vim-core, vi, gvim) call (or called in old versions) sandbox functions add(read|write|deny|predict)() passing multiple arguments, e.g. arguments containing shell wildcards. example: gvim-6.1-r6.ebuild calls 'addwrite /dev/pty/*' - but addwrite() only adds the first positional parameter to the variable SANDBOX_WRITE. of course, those ebuilds should be fixed. but maybe it's a good idea to change the sandbox functions to add ALL parameters to the variable they export. my patch follows.
Created attachment 7601 [details, diff] patch for sandbox functions in /usr/lib/portage/bin/ebuild.sh changes sandbox functions to accept multiple arguments.
the way to fix 'addwrite /dev/pty/*' would be to make it 'addwrite /dev/pty'
i filed bug reports for both ebuilds (gvim and vi) which called 'add...() /dev/pty/*' [bug #14495 and #14496]. to change the sandox functions was meant as an enhancement (see bug severity...). i don't know if that's useful for anybody beside me ;-)
bugs sent to respective packages