Bug #202697 - Add / to the default initial SANDBOX_READ in order to

avoid a situation where attempts to read arbitrary files trigger sandbox violations. (trunk r9085) svn path=/main/branches/2.1.2/; revision=9086
author: Zac Medico <zmedico@gentoo.org> 2007-12-28 23:15:55 +0000
committer: Zac Medico <zmedico@gentoo.org> 2007-12-28 23:15:55 +0000
commit: 09c6ebbd7655b6dd63b35a449330f6b43ec65e5f (patch)
tree: fdc75aef0bef8c656124950855a1300373933ed6 /bin
parent: b5d41fb2875c7a167dcd310827740d6c3f615dbc (diff)
download: portage-09c6ebbd7655b6dd63b35a449330f6b43ec65e5f.tar.gz
portage-09c6ebbd7655b6dd63b35a449330f6b43ec65e5f.tar.bz2
portage-09c6ebbd7655b6dd63b35a449330f6b43ec65e5f.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/bin/ebuild.sh b/bin/ebuild.sh
index d65ff69e9..51b0b5f2f 100755
--- a/bin/ebuild.sh
+++ b/bin/ebuild.sh
@@ -9,7 +9,7 @@ PORTAGE_PYM_PATH="${PORTAGE_PYM_PATH:-/usr/lib/portage/pym}"
 SANDBOX_PREDICT="${SANDBOX_PREDICT}:/proc/self/maps:/dev/console:/dev/random"
 export SANDBOX_PREDICT="${SANDBOX_PREDICT}:${PORTAGE_PYM_PATH}:${PORTAGE_DEPCACHEDIR}"
 export SANDBOX_WRITE="${SANDBOX_WRITE}:/dev/shm:/dev/stdout:/dev/stderr:${PORTAGE_TMPDIR}"
-export SANDBOX_READ="${SANDBOX_READ}:/dev/shm:/dev/stdin:${PORTAGE_TMPDIR}"
+export SANDBOX_READ="${SANDBOX_READ}:/:/dev/shm:/dev/stdin:${PORTAGE_TMPDIR}"
 # Don't use sandbox's BASH_ENV for new shells because it does
 # 'source /etc/profile' which can interfere with the build
 # environment by modifying our PATH.
author	Zac Medico <zmedico@gentoo.org>	2007-12-28 23:15:55 +0000
committer	Zac Medico <zmedico@gentoo.org>	2007-12-28 23:15:55 +0000
commit	09c6ebbd7655b6dd63b35a449330f6b43ec65e5f (patch)
tree	fdc75aef0bef8c656124950855a1300373933ed6 /bin
parent	b5d41fb2875c7a167dcd310827740d6c3f615dbc (diff)
download	portage-09c6ebbd7655b6dd63b35a449330f6b43ec65e5f.tar.gz portage-09c6ebbd7655b6dd63b35a449330f6b43ec65e5f.tar.bz2 portage-09c6ebbd7655b6dd63b35a449330f6b43ec65e5f.zip