This is one of the tests I'm currently running on the tinderbox, but it might actually be extended a bit more with a whitelist of directories we should allow.
For now I'm testing these directories:
/usr/man /usr/info /usr/X11R6 /usr/doc /usr/locale
while my /usr is this:
yamato ~ # ls /usr
GNUstep X11R6 cyrus displays dx games i486-pc-linux-gnu include lib local man nagios sbin share src tmp
NX bin diet doc etc grass63 i686-pc-linux-gnu kde libexec locale modules qt shaders shutdown ti-linux-gnu var
(get the results you want from that ;))
Note that X11R6 requires the xorg-x11 compatibility ebuild _not_ to be merged (maybe we should ask X11 to get rid of that?).
I don't get exactly what you are asking for here. I assume the end result is that:
Files should not be installed into these paths. We can possibly utilize sandbox here.
We can't disallow use of all these paths because existing ebuilds may need to clean up old data in old locations. Is this the extent of your request?
*** Bug 280853 has been marked as a duplicate of this bug. ***
I wanted the same for the X11 app-defaults directory in bug 280853, which should always be in /usr/share/X11/app-defaults or otherwise it simply won't work. It used to be in /etc and, before that, in /usr/X11R6, and we still have un-updated ebuilds in the tree.
Can we _please_ revisit this? It seems like new packages still get added using these paths, and at least those should be stopped.
Please at least add a warning in the build, and die only on stricter for now, if you prefer.
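The check described in this thread (scan the directories listed in the first comment, warn by default, die on stricter), as an added example that is not Gentoo's or Portage's own QA code. Assumptions: the installed image root is passed as the first argument (the role ${D} plays in an ebuild), the directory list is the one quoted above, and the second "strict" argument that turns the warning into a failure is a made-up parameter standing in for FEATURES=stricter.

```shell
#!/bin/sh
# Added example, not Gentoo's own QA code: flag files that a package installs
# under directories the thread says should no longer be used.
# Assumptions: the image root is passed as $1 (what ${D} is in an ebuild);
# the directory list below is the one quoted in the thread; the "strict"
# flag deciding warn-versus-die is a made-up parameter.

# Paths relative to the image root. /usr/X11R6 is listed too, so an image
# that still installs into it (e.g. via the xorg-x11 compatibility layout)
# trips this check.
BAD_DIRS="usr/man usr/info usr/X11R6 usr/doc usr/locale"

# list_bad_paths IMAGE_ROOT
# Prints one line per entry found under a forbidden directory, and the
# directory itself when it is present but empty. Prints nothing when the
# image is clean.
list_bad_paths() {
    image="$1"
    for d in $BAD_DIRS; do
        [ -e "$image/$d" ] || continue
        # -mindepth 1 skips the directory itself; anything below it is an
        # installed file, symlink or subdirectory the package created.
        entries=$(find "$image/$d" -mindepth 1 2>/dev/null)
        if [ -n "$entries" ]; then
            printf '%s\n' "$entries"
        else
            printf '%s\n' "$image/$d"
        fi
    done
}

# check_bad_paths IMAGE_ROOT [STRICT]
# Warns about every offending path. With STRICT=1 it returns 1 so the caller
# can die; with STRICT=0 (default) it only warns and returns 0.
check_bad_paths() {
    image="$1"
    strict="${2:-0}"
    offenders=$(list_bad_paths "$image")
    if [ -z "$offenders" ]; then
        return 0
    fi
    printf 'QA Notice: files installed into obsolete directories:\n' >&2
    printf '%s\n' "$offenders" | sed 's/^/  /' >&2
    if [ "$strict" = 1 ]; then
        printf 'Aborting: stricter mode treats this as an error\n' >&2
        return 1
    fi
    return 0
}

# Stand-alone usage: ./check_paths.sh /var/tmp/portage/<pkg>/image [1]
if [ -n "$1" ]; then
    check_bad_paths "$1" "${2:-0}"
fi
```

Because the second comment's point about cleanup of old locations is real, this check only looks at what ends up in the image, not at what the ebuild touches on the live filesystem, so an ebuild that removes stale files from /usr/X11R6 on the running system is not flagged.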
This is in git now:
This is fixed in 22.214.171.124 and 2.2_rc79.