Gentoo's Bugzilla – Attachment 891692 Details for
Bug 930668
sys-apps/sandbox: Improve README.md readability and provide guidance on documentation
[patch]
FIXED patch to README.md with improved text
README.md.diff (text/plain), 2.66 KB, created by
Gil Kloepfer
on 2024-04-25 14:20:37 UTC
>--- sandbox-2.38/README.md.ORIG 2021-11-03 11:01:42.000000000 -0500 >+++ sandbox-2.38/README.md 2024-04-25 09:18:55.449758161 -0500 
>@@ -4,24 +4,24 @@ > environment. This is used as a QA measure to try and prevent applications from > modifying files they should not. > >-For example, in the Gentoo world we use it so we can build applications as root >-and make sure that the build system does not do crazy things outside of its >-build directory. Such as install files to the live root file system or modify >-config files on the fly. >+For example, in the Gentoo world we use it to build applications as root >+while making sure that the build system does not do crazy things outside of its >+build directory (such as install files to the live root file system or modify >+config files on the fly). > > For people who are familiar with the Debian "fakeroot" project or the RPM based > "InstallWatch", sandbox is in the same vein of projects. > > ## Method > >-The way sandbox works is that you prime a few environment variables (in order >-to control the sandbox's behavior) and then stick it into the LD_PRELOAD >-variable. Then when the ELF loader runs, it will first load the sandbox >-library. Whenever an applications makes a library call that we have wrapped, >-we'll check the arguments against the environment settings. Based on that, any >-access that is not permitted is logged and we return an error to the >-application. Any access that is permitted is of course forwarded along to the >-real C library. >+Sandbox works by priming a few environment variables (in order to control >+the sandbox's behavior) then inserting its own libsandbox.so into >+the LD_PRELOAD variable. This will cause the ELF loader to first load >+the sandbox library. Whenever an application makes a library call that >+has been wrapped, the arguments will be checked against the environment >+settings. Based on that, any access that is not permitted is logged and >+will return an error to the application. Any access that is permitted >+will, of course, be forwarded along to the real C library. 
> > Static ELFs and setuid/setgid programs are executed with > [ptrace()](https://man7.org/linux/man-pages/man2/ptrace.2.html) instead. >@@ -76,3 +76,13 @@ > * [Linux](https://kernel.org/) 3.8+ > * C library > * They all should work! >+ >+## Documentation >+ >+A manual page is not currently available, but a list of command-line options >+with descriptive text can be obtained by executing `sandbox --help`. >+ >+Additional options are read from `/etc/sandbox.conf` and files in >+`/etc/sandbox.d/`. A list of items that can appear in these files >+along with a description can be found in the `/etc/sandbox.conf` file >+that is included with the sandbox application.
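Review bot: In the first hunk (README.md "Method" paragraph), the rewritten sentence "any access that is not permitted is logged and will return an error to the application" makes the denied access the subject of "will return", and the paragraph now mixes present and future tense ("is logged", "will be checked", "will return"). The removed text had the sandbox returning the error ("we return an error to the application"). Suggest "any access that is not permitted is logged and an error is returned to the application", with the neighbouring sentences in the present tense as well ("the arguments are checked", "is forwarded along to the real C library"). A comma before "then inserting its own libsandbox.so" would also help that first sentence read cleanly.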
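Review bot: In the second hunk (the new "## Documentation" section), "Additional options are read from `/etc/sandbox.conf` and files in `/etc/sandbox.d/`" follows a sentence about command-line options, so it reads as if these files hold more command-line switches, while the "Method" section says behaviour is controlled by environment variables. Please say what kind of settings these files carry and how they relate to the environment settings that access checks are made against, and state the order in which `/etc/sandbox.conf` and the `/etc/sandbox.d/` files are applied, since a reader auditing which paths a build may touch needs to know which file wins. The phrase "A manual page is not currently available" will go stale once one is written; pointing to `sandbox --help` without that clause avoids the problem.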