Diffstat (limited to 'sys-apps/sandbox')
-rw-r--r--sys-apps/sandbox/Manifest1
-rw-r--r--sys-apps/sandbox/files/sandbox-2.8-write-ptmx.patch34
-rw-r--r--sys-apps/sandbox/sandbox-2.8.ebuild124
3 files changed, 159 insertions, 0 deletions
diff --git a/sys-apps/sandbox/Manifest b/sys-apps/sandbox/Manifest
index 42c825a90c91..e0fd4ea01f03 100644
--- a/sys-apps/sandbox/Manifest
+++ b/sys-apps/sandbox/Manifest
@@ -4,3 +4,4 @@ DIST sandbox-2.4.tar.xz 344664 SHA256 450599cb3052296d42f81a04dbbda82d220415fc2d
DIST sandbox-2.5.tar.xz 355680 SHA256 c0e98767fb70750d79591a6d08f81d5c2f13ce783bf94bd90677022e9103878a SHA512 7b870295bb78c1da5550b650a3983d93e503935a8e8452a29a5c6310cc2c2d569a898ea1534e2c670b4a3e5607504fac55f69da6878e0adc9c2c65a5476b4fb0 WHIRLPOOL 887d36638111b09d77674002c07ebad84c24bc4f645d9fb78e180a6c6e7407eb3fb6857877bc152e0cefb676f01df60b20857b8487ce28ff3e4438aef744fe53
DIST sandbox-2.6.tar.xz 366356 SHA256 95615c5879dfc419713f22ba5506a2802a50ea0ce8a2f57c656354f2e50b1c4d SHA512 32ba7fb675c67fdc8bc52da1db7ed6878e5fea8753accb30d9aca00f708e0dde03287b5962caf5ef031bea6934d6ef3e18404b015c70ebd551d3fd8109ad2371 WHIRLPOOL bab2d015fb0de92a2266408ca7941c8fb66b599179040cfc727ffce5b2424a9722dc55ba89d198e3361044d8cb357314205488d2a980c7b8af063fd8940f0c03
DIST sandbox-2.7.tar.xz 390304 SHA256 d6e1230180d84fb64c9788dd372a73a1cd2496ead91cad333a211320d3041149 SHA512 81056460afabe3f9163594f662f5faf87b6dfe8511a001fc4d6ce0171492eb29f3b645a45320032d34475bb2c24bf212d1d05b50878a340f1e2ca580f8f8f38a WHIRLPOOL ad070df6351537e49f939ba195f27ccf5e4566bb8b6e4ba391ab8174771eacf909571284c6fa873d5b55e8540605d2766a3de5d451b6af132c0ff6d96e43f554
+DIST sandbox-2.8.tar.xz 410588 SHA256 f01dcac27a4641d1898c4a19bf3a0572f8ec85c3ba12e6ede8af36f6bc047165 SHA512 73a21e72f5825f43ee887efbe73f4ccd8771c7f45438104077aa83448d0a2727ab65be89a7a1a690d3662594df680ca4dc29908763e5abe2a81594b6f8f6ff2e WHIRLPOOL 6c93a0d8737bab4e710f0f20645514c9a5413a2d357a64c2e8b8428567221b949134881e705f979aa374635a278c0b3c646a6cffaf1015024db8f2aab2ec7c74
diff --git a/sys-apps/sandbox/files/sandbox-2.8-write-ptmx.patch b/sys-apps/sandbox/files/sandbox-2.8-write-ptmx.patch
new file mode 100644
index 000000000000..d22f53b0f114
--- /dev/null
+++ b/sys-apps/sandbox/files/sandbox-2.8-write-ptmx.patch
@@ -0,0 +1,34 @@
+From 6b9b505f4a7716a50ff9e63c85f2c4882987a732 Mon Sep 17 00:00:00 2001
+From: Mike Frysinger <vapier@gentoo.org>
+Date: Sun, 20 Sep 2015 04:40:39 -0400
+Subject: [PATCH] sandbox.conf: allow writing to /dev/ptmx
+
+We implicitly permit write access to this node by not catching functions
+like openpty and posix_openpt, but when projects try to access the node
+directly (due to legacy/fallback logic), the sandbox would reject them.
+Make access to the node explicit since it's generally harmless.
+
+URL: https://bugs.gentoo.org/413327
+URL: https://bugs.gentoo.org/550650
+URL: https://bugs.gentoo.org/550670
+Signed-off-by: Mike Frysinger <vapier@gentoo.org>
+---
+ etc/sandbox.conf | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/etc/sandbox.conf b/etc/sandbox.conf
+index dc460f0..1d7655c 100644
+--- a/etc/sandbox.conf
++++ b/etc/sandbox.conf
+@@ -64,7 +64,7 @@ SANDBOX_WRITE="/dev/zero:/dev/null:/dev/full"
+ # Console device nodes
+ SANDBOX_WRITE="/dev/console:/dev/tty:/dev/vc/:/dev/pty:/dev/tts"
+ # Device filesystems
+-SANDBOX_WRITE="/dev/pts/:/dev/shm"
++SANDBOX_WRITE="/dev/ptmx:/dev/pts/:/dev/shm"
+ # Tempory storage
+ SANDBOX_WRITE="/tmp/:/var/tmp/"
+ # Needed for shells
+--
+2.5.2
+
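Review bot: The new `/dev/ptmx` entry is filed under the `# Device filesystems` comment in etc/sandbox.conf although it is a single device node, and the reason for widening the write allow-list is recorded only in the patch's commit message. A comment beside the entry would keep the rationale with the policy, for example `# /dev/ptmx: pty master, opened directly by legacy/fallback code (bugs 413327, 550650, 550670)`. The ebuild in this commit names only `etc/sandbox.d/00default` in sb_install, so it is worth confirming that the edited file is the one that reaches the installed configuration.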
diff --git a/sys-apps/sandbox/sandbox-2.8.ebuild b/sys-apps/sandbox/sandbox-2.8.ebuild
new file mode 100644
index 000000000000..4f3de079a590
--- /dev/null
+++ b/sys-apps/sandbox/sandbox-2.8.ebuild
@@ -0,0 +1,124 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+#
+# don't monkey with this ebuild unless contacting portage devs.
+# period.
+#
+
+inherit eutils flag-o-matic toolchain-funcs multilib unpacker multiprocessing
+
+DESCRIPTION="sandbox'd LD_PRELOAD hack"
+HOMEPAGE="https://www.gentoo.org/proj/en/portage/sandbox/"
+SRC_URI="mirror://gentoo/${P}.tar.xz
+ https://dev.gentoo.org/~vapier/dist/${P}.tar.xz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd"
+IUSE="multilib"
+
+DEPEND="app-arch/xz-utils
+ >=app-misc/pax-utils-0.1.19" #265376
+RDEPEND=""
+
+EMULTILIB_PKG="true"
+has sandbox_death_notice ${EBUILD_DEATH_HOOKS} || EBUILD_DEATH_HOOKS="${EBUILD_DEATH_HOOKS} sandbox_death_notice"
+
+sandbox_death_notice() {
+ ewarn "If configure failed with a 'cannot run C compiled programs' error, try this:"
+ ewarn "FEATURES=-sandbox emerge sandbox"
+}
+
+sb_get_install_abis() { use multilib && get_install_abis || echo ${ABI:-default} ; }
+
+sb_foreach_abi() {
+ local OABI=${ABI}
+ for ABI in $(sb_get_install_abis) ; do
+ cd "${WORKDIR}/build-${ABI}"
+ einfo "Running $1 for ABI=${ABI}..."
+ "$@"
+ done
+ ABI=${OABI}
+}
+
+src_unpack() {
+ unpacker
+ cd "${S}"
+ epatch "${FILESDIR}"/${P}-write-ptmx.patch #413327
+ epatch_user
+}
+
+sb_configure() {
+ mkdir "${WORKDIR}/build-${ABI}"
+ cd "${WORKDIR}/build-${ABI}"
+
+ use multilib && multilib_toolchain_setup ${ABI}
+
+ einfo "Configuring sandbox for ABI=${ABI}..."
+ ECONF_SOURCE="${S}" \
+ econf ${myconf} || die
+}
+
+sb_compile() {
+ emake || die
+}
+
+src_compile() {
+ filter-lfs-flags #90228
+
+ # Run configures in parallel!
+ multijob_init
+ local OABI=${ABI}
+ for ABI in $(sb_get_install_abis) ; do
+ multijob_child_init sb_configure
+ done
+ ABI=${OABI}
+ multijob_finish
+
+ sb_foreach_abi sb_compile
+}
+
+sb_test() {
+ emake check TESTSUITEFLAGS="--jobs=$(makeopts_jobs)" || die
+}
+
+src_test() {
+ sb_foreach_abi sb_test
+}
+
+sb_install() {
+ emake DESTDIR="${D}" install || die
+ insinto /etc/sandbox.d #333131
+ doins etc/sandbox.d/00default || die
+}
+
+src_install() {
+ sb_foreach_abi sb_install
+
+ doenvd "${FILESDIR}"/09sandbox
+
+ keepdir /var/log/sandbox
+ fowners root:portage /var/log/sandbox
+ fperms 0770 /var/log/sandbox
+
+ cd "${S}"
+ dodoc AUTHORS ChangeLog* NEWS README
+}
+
+pkg_preinst() {
+ chown root:portage "${D}"/var/log/sandbox
+ chmod 0770 "${D}"/var/log/sandbox
+
+ local old=$(find "${ROOT}"/lib* -maxdepth 1 -name 'libsandbox*')
+ if [[ -n ${old} ]] ; then
+ elog "Removing old sandbox libraries for you:"
+ elog ${old//${ROOT}}
+ find "${ROOT}"/lib* -maxdepth 1 -name 'libsandbox*' -exec rm -fv {} \;
+ fi
+}
+
+pkg_postinst() {
+ chmod 0755 "${ROOT}"/etc/sandbox.d #265376
+}
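Review bot: Several directory changes in this ebuild are unchecked: `cd "${WORKDIR}/build-${ABI}"` in sb_foreach_abi and in sb_configure (after an equally unchecked `mkdir`), and `cd "${S}"` in src_unpack and src_install. No EAPI line is visible, so the helpers presumably do not die on their own, and a failed `cd` would let `"$@"`, `econf` or `epatch` run in whatever directory happened to be current. I would write `mkdir "${WORKDIR}/build-${ABI}" || die` and `cd "${WORKDIR}/build-${ABI}" || die` in those places. Assuming multijob_finish reports child failures through its exit status, `multijob_finish || die` in src_compile would also stop a failed background sb_configure from being passed over before sb_compile runs.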