Setting LD_PRELOAD=/usr/lib/xvnkb.so (which belongs to app-i18n/xvnkb) will break sandbox. The result is simple: you could not emerge anything anymore. Portage (or sandbox) should block app-i18n/xvnkb until I find out what was wrong (maybe global variable conflicts).

The output is something like this:

./configure --prefix=/usr --host=i486-pc-linux-gnu --mandir=/usr/share/man --infodir=/usr/share/info --datadir=/usr/share --sysconfdir=/etc --localstatedir=/var/lib --build=i486-pc-linux-gnu --with-cups --enable-gtk-doc
Sandbox error : the SANDBOX_DENY environmental variable should be defined.
Sandbox error : the SANDBOX_READ environmental variable should be defined.
Sandbox error : the SANDBOX_WRITE environmental variable should be defined.
Sandbox error : the SANDBOX_PREDICT environmental variable should be defined.
ACCESS DENIED open_rd: /mnt/tmp/portage/libgnomeprint-2.10.3/work/libgnomeprint-2.10.3/configure
SECURITY BREACH SANDBOX_LOG /tmp/sandbox-gnome-base_-_libgnomeprint-2.10.3-5660.log isn't allowed via SANDBOX_WRITE
./configure: ./configure: Permission denied

My 'emerge --info':

Portage 2.0.51.21 (default-linux/x86/2005.0, gcc-3.3.2, glibc-2.3.2-r9, 2.6.5-gentoo i686)
=================================================================
System uname: 2.6.5-gentoo i686 Intel(R) Celeron(TM) CPU 1100MHz
Gentoo Base System version 1.4.16
distcc 2.12.1 i486-pc-linux-gnu (protocols 1 and 2) (default port 3632) [disabled]
ccache version 2.3 [disabled]
dev-lang/python: 2.3.2-r2
sys-apps/sandbox: 1.2.4
sys-devel/autoconf: 2.59-r5
sys-devel/automake: 1.8.3
sys-devel/binutils: 2.14.90.0.6-r2
sys-devel/libtool: 1.4.3-r1
virtual/os-headers: 2.6.5
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i486-pc-linux-gnu"
CFLAGS="-O3 -mcpu=i686 -funroll-loops -pipe -fomit-frame-pointer -momit-leaf-frame-pointer -mmmx -msse"
CHOST="i486-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/lib/X11/xkb /usr/lib/mozilla/defaults/pref /usr/share/config /usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/ /usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/ /usr/share/texmf/xdvi/ /var /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/env.d"
CXXFLAGS="-O3 -mcpu=i686 -funroll-loops -pipe -fomit-frame-pointer -momit-leaf-frame-pointer -mmmx -msse"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig ccachecvs distlocks sandbox sfperms strict"
GENTOO_MIRRORS="ftp://mirror.pacific.net.au/linux/Gentoo ftp://ftp.ecc.u-tokyo.ac.jp/GENTOO http://mirror.gentoo.gr.jp http://194.117.143.69"
MAKEOPTS="-j3"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/mnt/tmp"
PORTDIR="/mnt/data/cvs/gentoo-x86"
PORTDIR_OVERLAY="/mnt/data/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="x86 X aalib accessibility acpi alsa apache2 apm avi bash-completion berkdb bitmap-fonts bonobo crypt cups curl directfb doc eds emacs emboss encode esd fam fbcon flac foomaticdb fortran gd gdbm gif gnome gpm gstreamer gtk gtk2 gtkhtml guile imagemagick imlib ipv6 java jpeg ldap libg++ libwww mad mikmod mmx motif mozilla mp3 mpeg mysql ncurses nls nptl ogg oggvorbis opengl oss pam pdflib perl plotutils png postgres python quicktime readline ruby sdl slang spell sqlite sse ssl svga tcpd tetex tiff truetype truetype-fonts type1-fonts unicode usb vorbis xine xml xml2 xmms xv zlib userland_GNU kernel_linux elibc_glibc"
Unset: ASFLAGS, CTARGET, LANG, LC_ALL, LDFLAGS, LINGUAS
Why don't you have xvnkb block sandbox?
Because people may have already installed xvnkb before updating portage. I haven't had much experience with blockers, so I'm not sure whether having the xvnkb ebuild block portage would solve the problem, because (I think) it should use the old, already installed xvnkb ebuild instead of a new one.
One way blockers should be detected fine.
Should work fine with sandbox-1.2.5.