as a nice QA measure, we should prevent access to $S in all pkg_* functions

i think a combo of first adding it to the sandbox deny path and then setting it to a non-existent path should do the trick ... unsetting it might not be so hot as something like `rm -rf "${S}"/tmp` or `rm -rf "${S}"/usr` which previously would have been ok may now have disastrous consequences ...
Nice idea. I would suggest doing the same for FILESDIR.
Sounds good.
conversely, if we set ROOT to like /var/tmp/portage/eat/my/balls in all src_* functions and add that path to the sandbox deny path ...
Kinda relevant to this:

16:51 < ciaranm> incidentally... what i really want is a SANDBOX_WARN_READ etc
16:51 < ciaranm> so we can catch naughty ebuilds by doing SANDBOX_WARN_READ="${ROOT}" and setting ROOT to /blah/BAD_BROKEN_EBUILD_NO_COOKIE which is a symlink to /
16:52 < ferringb> ciaranm: that trick shouldn't work offhand
16:52 < ciaranm> ferringb: it won't work with sandbox the way it is currently, no
16:52 < ferringb> ciaranm: sandbox abspath's most of what it deals with.
*** Bug 170567 has been marked as a duplicate of this bug. ***
(In reply to SpanKY from comment #3)
> conversely, if we set ROOT to like /var/tmp/portage/eat/my/balls in all
> src_* functions and add that path to the sandbox deny path ...

See-Also: bug #138388
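The two proposals in this thread, as an added shell sketch that is not Portage or sandbox code: it shows what `rm -rf "${S}"/tmp` expands to when S is unset versus pointed at a non-existent path, and models the deny entry each phase type would get. The sentinel path `/var/tmp/portage/.poisoned`, the sample S, the function names and the prefix-match model of the deny list are assumptions.

```shell
#!/bin/bash
# Added illustration, not Portage or sandbox code. POISON is a constructed
# sentinel; the deny list is modelled as a colon-separated list of prefixes.
POISON=/var/tmp/portage/.poisoned
REAL_S=/var/tmp/portage/cat/pkg-1.0/work/pkg-1.0   # constructed sample S

# Print the path `rm -rf "${S}"/tmp` would act on for each way of hiding S
# from pkg_* phases. The path is only expanded; nothing is deleted.
rm_target() {
    local S="$REAL_S"
    case "$1" in
        unset)  unset S ;;
        poison) S="$POISON/S" ;;
    esac
    printf '%s\n' "${S}/tmp"
}

# Print "S ROOT DENY" as a phase would see them under the thread's proposal:
#   pkg_*: deny the real S, then point S at a non-existent path
#   src_*: point ROOT at a non-existent path and deny that path
phase_env() {
    local phase="$1" s="$2" root="$3" deny=""
    case "$phase" in
        pkg_*) deny="$s"; s="$POISON/S" ;;
        src_*) root="$POISON/ROOT"; deny="$root" ;;
    esac
    printf '%s %s %s\n' "$s" "$root" "$deny"
}

# Succeed if the path equals, or lies under, any entry of the deny list.
is_denied() {
    local path="$1" entry IFS=:
    for entry in $2; do
        [ -n "$entry" ] || continue
        case "$path" in "$entry"|"$entry"/*) return 0 ;; esac
    done
    return 1
}

for mode in real unset poison; do
    printf '%-6s -> rm -rf %s\n' "$mode" "$(rm_target "$mode")"
done
```

In the pkg_* case the deny entry is the real S while `${S}` itself points elsewhere, so an ebuild that reaches the work directory by a hard-coded path is still caught by the deny list.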