258684 – moving sandbox settings out of ebuild.sh and into sandbox

Bug 258684 - moving sandbox settings out of ebuild.sh and into sandbox

Summary: moving sandbox settings out of ebuild.sh and into sandbox

Status:	RESOLVED FIXED

Alias:	None

Product:	Portage Development
Classification:	Unclassified
Component:	Sandbox (show other bugs)
Hardware:	All Linux

Importance:	High normal (vote)
Assignee:	Portage team

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:	288863
	Show dependency tree

Reported:	2009-02-12 06:49 UTC by SpanKY
Modified:	2009-10-14 00:30 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description SpanKY gentoo-dev

2009-02-12 06:49:28 UTC

is there a real need for these things to be in ebuild.sh ?
ebuild.sh:SANDBOX_PREDICT="...:/proc/self/maps:/dev/console:/dev/random"
ebuild.sh:SANDBOX_WRITE="...:/dev/shm:/dev/stdout:/dev/stderr:..."
ebuild.sh:SANDBOX_READ="...:/dev/shm:/dev/stdin:..."

/proc/self/maps -- err, what is writing to this ?  do we have any history here ?
/dev/console - already in sandbox-1.3.x
/dev/random - what needs this ?  istr java ?  should be in sandbox then ...
/dev/shm - already in sandbox-1.3.x
/dev/std{err,in,out} - symlinks to /dev/fd/ which is in sandbox-1.3.x

Comment 1 SpanKY gentoo-dev

2009-06-03 02:51:39 UTC

done

Comment 2 Zac Medico gentoo-dev

2009-08-03 23:01:00 UTC

This is fixed in 2.2_rc34.