author | Zac Medico <zmedico@gentoo.org> | 2007-12-28 23:12:24 +0000 |
---|---|---|
committer | Zac Medico <zmedico@gentoo.org> | 2007-12-28 23:12:24 +0000 |
commit | 880e2ef3c4f9b09e69d1e7164e5ef09c026da833 (patch) | |
tree | 4de88f1cdbf32ff239bfda4bdcd04885cd8b8030 | |
parent | 8970d4fc1446536cefa4f9076ce107e2d2f4b020 (diff) | |
Bug #202697 - Add / to the default initial SANDBOX_READ in order to
avoid a situation where attempts to read arbitrary files trigger
sandbox violations.
svn path=/main/trunk/; revision=9085
-rwxr-xr-x | bin/ebuild.sh | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/bin/ebuild.sh b/bin/ebuild.sh
index d65ff69e9..51b0b5f2f 100755
--- a/bin/ebuild.sh
+++ b/bin/ebuild.sh
@@ -9,7 +9,7 @@ PORTAGE_PYM_PATH="${PORTAGE_PYM_PATH:-/usr/lib/portage/pym}"
 SANDBOX_PREDICT="${SANDBOX_PREDICT}:/proc/self/maps:/dev/console:/dev/random"
 export SANDBOX_PREDICT="${SANDBOX_PREDICT}:${PORTAGE_PYM_PATH}:${PORTAGE_DEPCACHEDIR}"
 export SANDBOX_WRITE="${SANDBOX_WRITE}:/dev/shm:/dev/stdout:/dev/stderr:${PORTAGE_TMPDIR}"
-export SANDBOX_READ="${SANDBOX_READ}:/dev/shm:/dev/stdin:${PORTAGE_TMPDIR}"
+export SANDBOX_READ="${SANDBOX_READ}:/:/dev/shm:/dev/stdin:${PORTAGE_TMPDIR}"
 # Don't use sandbox's BASH_ENV for new shells because it does
 # 'source /etc/profile' which can interfere with the build
 # environment by modifying our PATH. |
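Review bot: The new `SANDBOX_READ` export adds `/` without any comment, and, assuming the sandbox matches entries as path prefixes, this makes the whole filesystem readable from the build environment. The read list then confines nothing, and the `/dev/shm`, `/dev/stdin` and `${PORTAGE_TMPDIR}` entries after it become redundant. A later auditor should be able to see that this is a deliberate policy choice, for example with `# Reads are deliberately unrestricted (bug #202697); only SANDBOX_WRITE confines the build.` above the export. It is also worth confirming that nothing relied on read denials to keep build-time code away from files the build user can read. The run of exports this line belongs to starts before the hunk, so any other read-path handling is not visible here.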