Bug 678596 - sys-apps/sandbox - add /usr/tmp to default SANDBOX_WRITE
Summary: sys-apps/sandbox - add /usr/tmp to default SANDBOX_WRITE
Status: RESOLVED INVALID
Alias: None
Product: Portage Development
Classification: Unclassified
Component: Sandbox (show other bugs)
Hardware: All Linux
Importance: Normal normal
Assignee: Sandbox Maintainers
Reported: 2019-02-22 16:39 UTC by Mike Gilbert
Modified: 2019-02-22 17:27 UTC (History)
Description Mike Gilbert gentoo-dev 2019-02-22 16:39:30 UTC
The AC_SYS_LONG_FILE_NAMES autoconf macro attempts to write to /usr/tmp if that directory exists and is writable. It probably makes sense to whitelist this path by default.

From autoconf/specific.m4:

# Test for long file names in all the places we know might matter:
#      .                 the current directory, where building will happen
#      $prefix/lib       where we will be installing things
#      $exec_prefix/lib  likewise
#      $TMPDIR           if set, where it might want to write temporary files
#      /tmp              where it might want to write temporary files
#      /var/tmp          likewise
#      /usr/tmp          likewise

It seems like $prefix/lib and $exec_prefix/lib might also be problematic if userpriv is disabled in portage.
Comment 1 Mike Gilbert gentoo-dev 2019-02-22 17:27:15 UTC
Apparently we already do this in /etc/sandbox.d/00default. My mistake.
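An added check, not code from this bug or from sys-apps/sandbox, that lists which of the directories named in the autoconf comment in the description are left uncovered by a SANDBOX_WRITE list, the kind of verification Comment 1 did by hand against /etc/sandbox.d/00default. The config line format SANDBOX_WRITE="a:b:c" and prefix-based matching are assumptions, and the sample config is constructed rather than the real 00default:

```shell
#!/bin/sh
# Added example, not code from the bug or from sys-apps/sandbox.
# Given sandbox config text and the autoconf variables, list the directories
# AC_SYS_LONG_FILE_NAMES probes that no SANDBOX_WRITE prefix covers.
# Assumed: the config has a line SANDBOX_WRITE="a:b:c" (colon-separated) and a
# write is allowed when the path starts with one of those prefixes.

# Constructed sample config; the real /etc/sandbox.d/00default is longer.
SAMPLE_CONF='# constructed sample
SANDBOX_WRITE="/dev/null:/dev/zero:/tmp/:/var/tmp/:/usr/tmp/"'

# Extract the colon-separated value of the last SANDBOX_WRITE line in $1.
sandbox_write_value() {
    printf '%s\n' "$1" | sed -n 's/^SANDBOX_WRITE="\(.*\)"[[:space:]]*$/\1/p' | tail -n 1
}

# Succeed when directory $1 lies under some prefix of the colon list $2.
# Both sides get a trailing slash so /tmp does not cover /tmpfoo.
is_whitelisted() {
    path="${1%/}/"
    rest="$2:"
    while [ -n "$rest" ]; do
        prefix=${rest%%:*}
        rest=${rest#*:}
        [ -n "$prefix" ] || continue
        case "$path" in "${prefix%/}/"*) return 0 ;; esac
    done
    return 1
}

# Print, one per line and deduplicated, the probe directories not whitelisted.
# $1 config text, $2 build directory (the macro's "."), $3 $prefix,
# $4 $exec_prefix, $5 $TMPDIR (empty when unset).
unwhitelisted_probes() {
    allowed=$(sandbox_write_value "$1")
    for dir in "$2" "$3/lib" "$4/lib" "$5" /tmp /var/tmp /usr/tmp; do
        [ -n "$dir" ] || continue      # skip an unset $TMPDIR
        is_whitelisted "$dir" "$allowed" || printf '%s\n' "$dir"
    done | sort -u
}

# Stand-alone run: build under /var/tmp/portage, prefix=/usr, no TMPDIR.
# Prints /usr/lib: the sample whitelist covers the tmp dirs but not $prefix/lib.
unwhitelisted_probes "$SAMPLE_CONF" /var/tmp/portage/foo-1.0/work /usr /usr ""
```

With userpriv disabled, a configure run as root can actually write to $prefix/lib, so a directory the function reports is a real sandbox violation candidate rather than a harmless failed probe.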