diff -Nur portage-2.0.51.20.orig/bin/ebuild.sh portage-2.0.51.20.sbnotify/bin/ebuild.sh
--- portage-2.0.51.20.orig/bin/ebuild.sh	2005-04-20 08:19:03.000000000 -0700
+++ portage-2.0.51.20.sbnotify/bin/ebuild.sh	2005-04-24 23:05:31.000000000 -0700
@@ -1124,7 +1124,9 @@
 	[ "${EMERGE_FROM}" == "binary" ] && IMAGE=${PKG_TMPDIR}/${PF}/bin \
 					|| IMAGE=${D}
 
+	[ -n "$SBNOTIFY_LOG" ] && export SBNOTIFY_EVENTMASK=2
 	pkg_preinst
+	[ -n "$SBNOTIFY_LOG" ] && export SBNOTIFY_EVENTMASK=0 && unset SBNOTIFY_LOG
 
 	# hopefully this will someday allow us to get rid of the no* feature flags
 	# we don't want globbing for initial expansion, but afterwards, we do
@@ -1749,6 +1751,7 @@
 		;;
 	prerm|postrm|postinst|config)
 		export SANDBOX_ON="0"
+		[ -n "$SBNOTIFY_LOG" ] && export SBNOTIFY_EVENTMASK=2
 		if [ "$PORTAGE_DEBUG" != "1" ]; then
 			pkg_${myarg}
 			#Allow non-zero return codes since they can be caused by &&
@@ -1758,6 +1761,7 @@
 			#Allow non-zero return codes since they can be caused by &&
 			set +x
 		fi
+		[ -n "$SBNOTIFY_LOG" ] && export SBNOTIFY_EVENTMASK=0 && unset SBNOTIFY_LOG
 		;;
 	unpack|compile|test|clean|install)
 		if [ "${SANDBOX_DISABLED="0"}" == "0" ]; then
diff -Nur portage-2.0.51.20.orig/pym/portage_const.py portage-2.0.51.20.sbnotify/pym/portage_const.py
--- portage-2.0.51.20.orig/pym/portage_const.py	2005-04-23 00:30:54.000000000 -0700
+++ portage-2.0.51.20.sbnotify/pym/portage_const.py	2005-04-24 23:06:38.000000000 -0700
@@ -25,6 +25,7 @@
 
 EBUILD_SH_BINARY        = PORTAGE_BIN_PATH+"/ebuild.sh"
 SANDBOX_BINARY          = "/usr/bin/sandbox"
+SANDBOX_LIB             = "/lib/libsandbox.so"
 DEPSCAN_SH_BINARY       = "/sbin/depscan.sh"
 BASH_BINARY             = "/bin/bash"
 MOVE_BINARY             = "/bin/mv"
diff -Nur portage-2.0.51.20.orig/pym/portage.py portage-2.0.51.20.sbnotify/pym/portage.py
--- portage-2.0.51.20.orig/pym/portage.py	2005-04-23 00:39:43.000000000 -0700
+++ portage-2.0.51.20.sbnotify/pym/portage.py	2005-04-24 23:05:31.000000000 -0700
@@ -81,7 +81,7 @@
 	  MOVE_BINARY, PRELINK_BINARY, WORLD_FILE, MAKE_CONF_FILE, MAKE_DEFAULTS_FILE, \
 	  DEPRECATED_PROFILE_FILE, USER_VIRTUALS_FILE, EBUILD_SH_ENV_FILE, \
 	  INVALID_ENV_FILE, CUSTOM_MIRRORS_FILE, SANDBOX_PIDS_FILE, CONFIG_MEMORY_FILE,\
-	  INCREMENTALS, STICKIES
+	  INCREMENTALS, STICKIES, SANDBOX_LIB
 
 	from portage_data import ostype, lchown, userland, secpass, uid, wheelgid, \
 	                         portage_uid, portage_gid
@@ -2314,7 +2314,7 @@
 				droppriv=actionmap[mydo]["args"][1],logfile=logfile)
 	return retval
 
-def doebuild(myebuild,mydo,myroot,mysettings,debug=0,listonly=0,fetchonly=0,cleanup=0,dbkey=None,use_cache=1,fetchall=0,tree="porttree"):
+def doebuild(myebuild,mydo,myroot,mysettings,debug=0,listonly=0,fetchonly=0,cleanup=0,dbkey=None,use_cache=1,fetchall=0,tree="porttree",sbnotify_log=None):
 	global db
 	
 	ebuild_path = os.path.abspath(myebuild)
@@ -2595,6 +2595,9 @@
 		return spawn(EBUILD_SH_BINARY+" "+mydo,mysettings,debug=debug,free=1,logfile=logfile)
 	elif mydo in ["prerm","postrm","preinst","postinst","config"]:
 		mysettings.load_infodir(pkg_dir)
+		if sbnotify_log:
+			mysettings["LD_PRELOAD"]=SANDBOX_LIB
+			mysettings["SBNOTIFY_LOG"]=sbnotify_log
 		return spawn(EBUILD_SH_BINARY+" "+mydo,mysettings,debug=debug,free=1,logfile=logfile)
 	
 	try: 
@@ -6428,12 +6431,15 @@
 		print ">>> Merging",self.mycpv,"to",destroot
 
 		# run preinst script
+		sbnotify_log=None
+		if "sbnotify" in features:
+			sbnotify_log=self.dbtmpdir+"/PREINST"
 		if myebuild:
 			# if we are merging a new ebuild, use *its* pre/postinst rather than using the one in /var/db/pkg
 			# (if any).
-			a=doebuild(myebuild,"preinst",root,self.settings,cleanup=cleanup,use_cache=0)
+			a=doebuild(myebuild,"preinst",root,self.settings,cleanup=cleanup,use_cache=0,sbnotify_log=sbnotify_log)
 		else:
-			a=doebuild(inforoot+"/"+self.pkg+".ebuild","preinst",root,self.settings,cleanup=cleanup,use_cache=0)
+			a=doebuild(inforoot+"/"+self.pkg+".ebuild","preinst",root,self.settings,cleanup=cleanup,use_cache=0,sbnotify_log=sbnotify_log)
 
 		# XXX: Decide how to handle failures here.
 		if a != 0:
@@ -6514,13 +6520,6 @@
 			self.dbdir = self.dbtmpdir
 			print ">>> original instance of package unmerged safely."	
 
-		# We hold both directory locks.
-		self.dbdir = self.dbpkgdir
-		self.delete()
-		movefile(self.dbtmpdir, self.dbpkgdir, mysettings=self.settings)
-
-		self.unlockdb()
-
 		#write out our collection of md5sums
 		if cfgfiledict.has_key("IGNORE"):
 			del cfgfiledict["IGNORE"]
@@ -6545,12 +6544,22 @@
 		portage_locks.unlockfile(mylock)
 		
 		#do postinst script
+		sbnotify_log=None
+		if "sbnotify" in features:
+			sbnotify_log=self.dbtmpdir+"/POSTINST"
 		if myebuild:
 			# if we are merging a new ebuild, use *its* pre/postinst rather than using the one in /var/db/pkg 
 			# (if any).
-			a=doebuild(myebuild,"postinst",root,self.settings,use_cache=0)
+			a=doebuild(myebuild,"postinst",root,self.settings,use_cache=0,sbnotify_log=sbnotify_log)
 		else:
-			a=doebuild(inforoot+"/"+self.pkg+".ebuild","postinst",root,self.settings,use_cache=0)
+			a=doebuild(inforoot+"/"+self.pkg+".ebuild","postinst",root,self.settings,use_cache=0,sbnotify_log=sbnotify_log)
+
+		# We hold both directory locks.
+		self.dbdir = self.dbpkgdir
+		self.delete()
+		movefile(self.dbtmpdir, self.dbpkgdir, mysettings=self.settings)
+
+		self.unlockdb()
 
 		# XXX: Decide how to handle failures here.
 		if a != 0: