Comment 1 Zac Medico 2007-01-17 07:03:54 UTC

(In reply to comment #0)
> With current policy, the only file types allowed as entrypoints to
> portage_t.sandbox are shells and portage executables. Either Portage needs to
> stop using `tee`, or the policy needs updating to allow any generic binary as
> an entrypoint.

I can see why you'd want to minimize the entry points into that precious PORTAGE_TMPDIR.  The log currently goes to ${T}/build.log when PORT_LOGDIR is unset but I suppose we can just send it to /dev/null when both PORT_LOGDIR is unset and sesandbox is enabled.  In that case you won't get the QA that comes from grepping build.log but you can always set PORT_LOGDIR if you want that.

Comment 2 Zac Medico 2007-01-17 07:23:42 UTC

Maybe I misunderstood.  Does this problem happen even when PORT_LOGDIR is set?  If that's the case, I suppose we can spawn tee in the regular PORTAGE_T context and then switch to the PORTAGE_SANDBOX_T context just to spawn the shell.  Shouldn't that work?

Comment 3 Zac Medico 2007-01-17 08:30:26 UTC

Created attachment 107250 [details, diff]
spawn tee outside of the sesandbox context

Hopefully this patch will solve the issue.  Please test.

Comment 4 Zac Medico 2007-01-17 21:56:10 UTC

In svn r5690 I've committed the patch which causes tee to be spawned outside of the sesandbox domain and read from a pipe between two domains.

@selinux:  Stephen says the patch works except that the ebuild process in the sesandbox domain doesn't have permission to write to the pipe.  Can the policy be updated so that pipe is allowed to work?

Comment 5 Zac Medico 2007-01-19 01:18:18 UTC

In svn r5718, I've fixed it so that logging with sesandbox will only occur when PORT_LOGDIR is explicitly enabled.

Comment 6 Zac Medico 2007-01-19 04:11:33 UTC

This has been released in 2.1.2-r1.