``` #!/bin/bash dir=$(mktemp -d) cd "${dir}" rmdir "${dir}" find -name foo ``` run as ``` $ sandbox bash ./test.sh ``` Expected result: everything works fine Actual result: ``` * <PORTAGE_TMPDIR>/portage/sys-apps/sandbox-2.10-r2/work/sandbox-2.10/libsandbox/libsandbox.c:check_syscall():989: failure (No such file or directory): * ISE: abs_path: (null) res_path: (null) /usr/lib64/libsandbox.so(+0xab25)[0x7f425621eb25] /usr/lib64/libsandbox.so(+0xac12)[0x7f425621ec12] /usr/lib64/libsandbox.so(+0x4e02)[0x7f4256218e02] /usr/lib64/libsandbox.so(+0x4fd5)[0x7f4256218fd5] /usr/lib64/libsandbox.so(open+0x5a)[0x7f425621d65a] find[0x40feaf] find[0x417d63] find[0x40797a] find[0x403a91] /lib64/libc.so.6(__libc_start_main+0xf0)[0x7f4255b99620] /proc/3115/cmdline: find -name foo ./test.sh: line 6: 3115 Aborted (core dumped) find -name foo ``` Related bugs: https://bugs.gentoo.org/show_bug.cgi?id=590084#c3
i don't see a real requirement here to make this work
*** This bug has been marked as a duplicate of bug 590084 ***
(In reply to SpanKY from comment #1) > i don't see a real requirement here to make this work Well, while I agree that most users certainly celebrate those crashes, I've heard about some that are unhappy when that happens to their perfectly valid build systems.
(In reply to Jan Chren (rindeal) from comment #3) you haven't described any "perfectly valid build systems", just a contrived user case that doesn't normally show up and is trivial to work around
(In reply to SpanKY from comment #4) > (In reply to Jan Chren (rindeal) from comment #3) > > you haven't described any "perfectly valid build systems", just a contrived > user case that doesn't normally show up and is trivial to work around "contrived user case" is just your wild guessing. I naïvely thought that it was apparent so I will try to explain the intent of my first post. What I posted was the simplest way to reproduce this bug + one of the real world cases where this bug gets triggered. I have some more cases, but you already have more than enough info about this bug, so it'd only be a waste of my time.
(In reply to Jan Chren (rindeal) from comment #5) posting a reduced test case is useful, but it's not the same thing as showing real world impact, nor showing wide user impact. sandbox is not a security system, so if you're attempting to use it as such outside of portage, stop. if there was wide user impact, then we'd have more bugs, especially since this edge case has been in sandbox for years.
(In reply to SpanKY from comment #6) > (In reply to Jan Chren (rindeal) from comment #5) > > sandbox is not a security system, so if you're attempting to use it > as such outside of portage, stop. Luckily I have not even started. > if there was wide user impact, then we'd have more bugs, > especially since this edge case has been in sandbox for years. Unless the standard procedure when triggering this bug was to hide it with workarounds. And unless users, who hit the bug and successfully worked around it, didn't bother with reporting it upstream.
