From 748af6ce22dae92ca0e18f2d24fab6f19763e32a Mon Sep 17 00:00:00 2001
From: Zac Medico <zmedico@gentoo.org>
Date: Sat, 24 Nov 2007 04:21:43 +0000
Subject: Unconditionally filter some of the SANDBOX_* variables from the
 environment in order to avoid potential interference problems. For example,
 having an invalid value for SANDBOX_LOG prevents the sandbox from killing the
 ebuild when a violation occurs.

svn path=/main/trunk/; revision=8636
---
 bin/ebuild.sh | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 'bin/ebuild.sh')

diff --git a/bin/ebuild.sh b/bin/ebuild.sh
index 6d38e57b4..ab663d028 100755
--- a/bin/ebuild.sh
+++ b/bin/ebuild.sh
@@ -1384,10 +1384,16 @@ filter_readonly_variables() {
 	local x filtered_vars var_grep
 	local readonly_bash_vars="DIRSTACK EUID FUNCNAME GROUPS
 		PIPESTATUS PPID SHELLOPTS UID"
+	local filtered_sandbox_vars="SANDBOX_ACTIVE SANDBOX_BASHRC
+		SANDBOX_DEBUG_LOG SANDBOX_DISABLED SANDBOX_LIB
+		SANDBOX_LOG"
 	filtered_vars="${readonly_bash_vars} ${READONLY_PORTAGE_VARS}
 		BASH_[_[:alnum:]]*"
-	hasq --filter-sandbox $* && \
+	if hasq --filter-sandbox $* ; then
 		filtered_vars="${filtered_vars} SANDBOX_[_[:alnum:]]*"
+	else
+		filtered_vars="${filtered_vars} ${filtered_sandbox_vars}"
+	fi
 	set -f
 	for x in ${filtered_vars} ; do
 		var_grep="${var_grep}|${x}"
-- 
cgit v1.2.3-1-g7c22