Diffstat (limited to 'sys-apps/sandbox')
-rw-r--r-- | sys-apps/sandbox/Manifest | 1 | ||||
-rw-r--r-- | sys-apps/sandbox/files/sandbox-2.8-write-ptmx.patch | 34 | ||||
-rw-r--r-- | sys-apps/sandbox/sandbox-2.8.ebuild | 124 |
3 files changed, 159 insertions, 0 deletions
diff --git a/sys-apps/sandbox/Manifest b/sys-apps/sandbox/Manifest index 42c825a90c91..e0fd4ea01f03 100644 --- a/sys-apps/sandbox/Manifest +++ b/sys-apps/sandbox/Manifest @@ -4,3 +4,4 @@ DIST sandbox-2.4.tar.xz 344664 SHA256 450599cb3052296d42f81a04dbbda82d220415fc2d DIST sandbox-2.5.tar.xz 355680 SHA256 c0e98767fb70750d79591a6d08f81d5c2f13ce783bf94bd90677022e9103878a SHA512 7b870295bb78c1da5550b650a3983d93e503935a8e8452a29a5c6310cc2c2d569a898ea1534e2c670b4a3e5607504fac55f69da6878e0adc9c2c65a5476b4fb0 WHIRLPOOL 887d36638111b09d77674002c07ebad84c24bc4f645d9fb78e180a6c6e7407eb3fb6857877bc152e0cefb676f01df60b20857b8487ce28ff3e4438aef744fe53 DIST sandbox-2.6.tar.xz 366356 SHA256 95615c5879dfc419713f22ba5506a2802a50ea0ce8a2f57c656354f2e50b1c4d SHA512 32ba7fb675c67fdc8bc52da1db7ed6878e5fea8753accb30d9aca00f708e0dde03287b5962caf5ef031bea6934d6ef3e18404b015c70ebd551d3fd8109ad2371 WHIRLPOOL bab2d015fb0de92a2266408ca7941c8fb66b599179040cfc727ffce5b2424a9722dc55ba89d198e3361044d8cb357314205488d2a980c7b8af063fd8940f0c03 DIST sandbox-2.7.tar.xz 390304 SHA256 d6e1230180d84fb64c9788dd372a73a1cd2496ead91cad333a211320d3041149 SHA512 81056460afabe3f9163594f662f5faf87b6dfe8511a001fc4d6ce0171492eb29f3b645a45320032d34475bb2c24bf212d1d05b50878a340f1e2ca580f8f8f38a WHIRLPOOL ad070df6351537e49f939ba195f27ccf5e4566bb8b6e4ba391ab8174771eacf909571284c6fa873d5b55e8540605d2766a3de5d451b6af132c0ff6d96e43f554 +DIST sandbox-2.8.tar.xz 410588 SHA256 f01dcac27a4641d1898c4a19bf3a0572f8ec85c3ba12e6ede8af36f6bc047165 SHA512 73a21e72f5825f43ee887efbe73f4ccd8771c7f45438104077aa83448d0a2727ab65be89a7a1a690d3662594df680ca4dc29908763e5abe2a81594b6f8f6ff2e WHIRLPOOL 6c93a0d8737bab4e710f0f20645514c9a5413a2d357a64c2e8b8428567221b949134881e705f979aa374635a278c0b3c646a6cffaf1015024db8f2aab2ec7c74 diff --git a/sys-apps/sandbox/files/sandbox-2.8-write-ptmx.patch b/sys-apps/sandbox/files/sandbox-2.8-write-ptmx.patch new file mode 100644 index 000000000000..d22f53b0f114 --- /dev/null 
+++ b/sys-apps/sandbox/files/sandbox-2.8-write-ptmx.patch
@@ -0,0 +1,34 @@
+From 6b9b505f4a7716a50ff9e63c85f2c4882987a732 Mon Sep 17 00:00:00 2001
+From: Mike Frysinger <vapier@gentoo.org>
+Date: Sun, 20 Sep 2015 04:40:39 -0400
+Subject: [PATCH] sandbox.conf: allow writing to /dev/ptmx
+
+We implicitly permit write access to this node by not catching functions
+like openpty and posix_openpt, but when projects try to access the node
+directly (due to legacy/fallback logic), the sandbox would reject them.
+Make access to the node explicit since it's generally harmless.
+
+URL: https://bugs.gentoo.org/413327
+URL: https://bugs.gentoo.org/550650
+URL: https://bugs.gentoo.org/550670
+Signed-off-by: Mike Frysinger <vapier@gentoo.org>
+---
+ etc/sandbox.conf | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/etc/sandbox.conf b/etc/sandbox.conf
+index dc460f0..1d7655c 100644
+--- a/etc/sandbox.conf
++++ b/etc/sandbox.conf
+@@ -64,7 +64,7 @@ SANDBOX_WRITE="/dev/zero:/dev/null:/dev/full"
+ # Console device nodes
+ SANDBOX_WRITE="/dev/console:/dev/tty:/dev/vc/:/dev/pty:/dev/tts"
+ # Device filesystems
+-SANDBOX_WRITE="/dev/pts/:/dev/shm"
++SANDBOX_WRITE="/dev/ptmx:/dev/pts/:/dev/shm"
+ # Tempory storage
+ SANDBOX_WRITE="/tmp/:/var/tmp/"
+ # Needed for shells
+--
+2.5.2
+
diff --git a/sys-apps/sandbox/sandbox-2.8.ebuild b/sys-apps/sandbox/sandbox-2.8.ebuild
new file mode 100644
index 000000000000..4f3de079a590
--- /dev/null
+++ b/sys-apps/sandbox/sandbox-2.8.ebuild
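Review bot: The new `/dev/ptmx` entry in the embedded `etc/sandbox.conf` hunk of sandbox-2.8-write-ptmx.patch sits under the `# Device filesystems` comment, although it is a single device node rather than a filesystem, and the config itself records nothing about why it is writable. The rationale exists only in the patch's commit message, which an auditor reading the installed allow-list will not see. A comment above the changed line would keep the policy reviewable, for example `# /dev/ptmx: pty master; openpty/posix_openpt are not intercepted, so direct opens by legacy fallbacks are allowed too (bugs 413327, 550650, 550670)`.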
@@ -0,0 +1,124 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+#
+# don't monkey with this ebuild unless contacting portage devs.
+# period.
+#
+
+inherit eutils flag-o-matic toolchain-funcs multilib unpacker multiprocessing
+
+DESCRIPTION="sandbox'd LD_PRELOAD hack"
+HOMEPAGE="https://www.gentoo.org/proj/en/portage/sandbox/"
+SRC_URI="mirror://gentoo/${P}.tar.xz
+ https://dev.gentoo.org/~vapier/dist/${P}.tar.xz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd"
+IUSE="multilib"
+
+DEPEND="app-arch/xz-utils
+ >=app-misc/pax-utils-0.1.19" #265376
+RDEPEND=""
+
+EMULTILIB_PKG="true"
+has sandbox_death_notice ${EBUILD_DEATH_HOOKS} || EBUILD_DEATH_HOOKS="${EBUILD_DEATH_HOOKS} sandbox_death_notice"
+
+sandbox_death_notice() {
+ ewarn "If configure failed with a 'cannot run C compiled programs' error, try this:"
+ ewarn "FEATURES=-sandbox emerge sandbox"
+}
+
+sb_get_install_abis() { use multilib && get_install_abis || echo ${ABI:-default} ; }
+
+sb_foreach_abi() {
+ local OABI=${ABI}
+ for ABI in $(sb_get_install_abis) ; do
+ cd "${WORKDIR}/build-${ABI}"
+ einfo "Running $1 for ABI=${ABI}..."
+ "$@"
+ done
+ ABI=${OABI}
+}
+
+src_unpack() {
+ unpacker
+ cd "${S}"
+ epatch "${FILESDIR}"/${P}-write-ptmx.patch #413327
+ epatch_user
+}
+
+sb_configure() {
+ mkdir "${WORKDIR}/build-${ABI}"
+ cd "${WORKDIR}/build-${ABI}"
+
+ use multilib && multilib_toolchain_setup ${ABI}
+
+ einfo "Configuring sandbox for ABI=${ABI}..."
+ ECONF_SOURCE="${S}" \
+ econf ${myconf} || die
+}
+
+sb_compile() {
+ emake || die
+}
+
+src_compile() {
+ filter-lfs-flags #90228
+
+ # Run configures in parallel!
+ multijob_init
+ local OABI=${ABI}
+ for ABI in $(sb_get_install_abis) ; do
+ multijob_child_init sb_configure
+ done
+ ABI=${OABI}
+ multijob_finish
+
+ sb_foreach_abi sb_compile
+}
+
+sb_test() {
+ emake check TESTSUITEFLAGS="--jobs=$(makeopts_jobs)" || die
+}
+
+src_test() {
+ sb_foreach_abi sb_test
+}
+
+sb_install() {
+ emake DESTDIR="${D}" install || die
+ insinto /etc/sandbox.d #333131
+ doins etc/sandbox.d/00default || die
+}
+
+src_install() {
+ sb_foreach_abi sb_install
+
+ doenvd "${FILESDIR}"/09sandbox
+
+ keepdir /var/log/sandbox
+ fowners root:portage /var/log/sandbox
+ fperms 0770 /var/log/sandbox
+
+ cd "${S}"
+ dodoc AUTHORS ChangeLog* NEWS README
+}
+
+pkg_preinst() {
+ chown root:portage "${D}"/var/log/sandbox
+ chmod 0770 "${D}"/var/log/sandbox
+
+ local old=$(find "${ROOT}"/lib* -maxdepth 1 -name 'libsandbox*')
+ if [[ -n ${old} ]] ; then
+ elog "Removing old sandbox libraries for you:"
+ elog ${old//${ROOT}}
+ find "${ROOT}"/lib* -maxdepth 1 -name 'libsandbox*' -exec rm -fv {} \;
+ fi
+}
+
+pkg_postinst() {
+ chmod 0755 "${ROOT}"/etc/sandbox.d #265376
+} |
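Review bot: In `src_compile` the outcome of the parallel configure step is never checked. Each `sb_configure` is launched through `multijob_child_init`, so its `econf ${myconf} || die` presumably fires in a child job, and `multijob_finish` is called with its status discarded. If the eclass reports child failures through that return value (it is not shown here, so confirm), the line should read `multijob_finish || die "configure failed"`. The `mkdir` and `cd` in `sb_configure` and the `cd` in `sb_foreach_abi` are likewise unchecked, so a failed `cd` would let `"$@"` run in whatever directory was current. Writing `cd "${WORKDIR}/build-${ABI}" || die` closes that.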