
Bug 678596

Summary: sys-apps/sandbox - add /usr/tmp to default SANDBOX_WRITE
Product: Portage Development
Reporter: Mike Gilbert <floppym>
Component: Sandbox
Assignee: Sandbox Maintainers <sandbox>
Status: RESOLVED INVALID
Severity: normal
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
See Also: https://bugs.gentoo.org/show_bug.cgi?id=647678

Description Mike Gilbert gentoo-dev 2019-02-22 16:39:30 UTC
The AC_SYS_LONG_FILE_NAMES autoconf macro attempts to write to /usr/tmp if that directory exists and is writable. It probably makes sense to whitelist this path by default.

From autoconf/specific.m4:

# Test for long file names in all the places we know might matter:
#      .                 the current directory, where building will happen
#      $prefix/lib       where we will be installing things
#      $exec_prefix/lib  likewise
#      $TMPDIR           if set, where it might want to write temporary files
#      /tmp              where it might want to write temporary files
#      /var/tmp          likewise
#      /usr/tmp          likewise

It seems like $prefix/lib and $exec_prefix/lib might also be problematic if userpriv is disabled in portage.

Comment 1 Mike Gilbert gentoo-dev 2019-02-22 17:27:15 UTC
Apparently we already do this in /etc/sandbox.d/00default. My mistake.