1 |
commit: 543a9a0f3a27d387dbba0a92c2ac85e2dd71a73f |
2 |
Author: Jory A. Pratt <anarchy <AT> gentoo <DOT> org> |
3 |
AuthorDate: Sat Aug 29 03:49:30 2015 +0000 |
4 |
Commit: Jory Pratt <anarchy <AT> gentoo <DOT> org> |
5 |
CommitDate: Sat Aug 29 03:49:30 2015 +0000 |
6 |
URL: https://gitweb.gentoo.org/dev/anarchy.git/commit/?id=543a9a0f |
7 |
|
8 |
remove sandbox hacks |
9 |
|
10 |
sys-apps/sandbox/Manifest | 10 - |
11 |
sys-apps/sandbox/files/09sandbox | 1 - |
12 |
.../files/sandbox-2.6-check-empty-paths-at.patch | 201 --------------------- |
13 |
sys-apps/sandbox/files/sandbox-2.6-desktop.patch | 30 --- |
14 |
.../sandbox/files/sandbox-2.6-hardened-pch.patch | 88 --------- |
15 |
sys-apps/sandbox/files/sandbox-2.6-log-var.patch | 51 ------ |
16 |
.../sandbox/files/sandbox-2.6-open-nofollow.patch | 54 ------ |
17 |
.../files/sandbox-2.6-static-close-fd.patch | 93 ---------- |
18 |
.../sandbox/files/sandbox-2.6-trace-hppa.patch | 27 --- |
19 |
sys-apps/sandbox/sandbox-2.6-r1.ebuild | 132 -------------- |
20 |
10 files changed, 687 deletions(-) |
21 |
|
22 |
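diff --git a/sys-apps/sandbox/Manifest b/sys-apps/sandbox/Manifest
deleted file mode 100644
index 33c0d48..0000000
--- a/sys-apps/sandbox/Manifest
+++ /dev/null
@@ -1,10 +0,0 @@
-AUX 09sandbox 37 SHA256 73e9e9d12ba54f1c649813ec86107924050528852c890a8ba1e2853796781bbe SHA512 4e8a9c58debde6480224a45559c5f2db4765213d151e47937f9142f110cac3681bf6402acaf21249a37bb17398e7bc00ae7feee68ecdb5b9363c432eac1b052a WHIRLPOOL 80d55a34d3faf3314f2b9de2200d4b46a800128514be9e30eb59e5f03fb7a0a5197a9e5b5ab33d6b68d35bf83c86a1bd7ba734a33ccd382fe0af3b2c2a11d0bd
-AUX sandbox-2.6-check-empty-paths-at.patch 7454 SHA256 a48759a4d3e9a70713473b6fad59bdd750b5cd37e7d632c786205ff20004ae2c SHA512 5eba7915dedf57f44c37881e9c6b48db8733d1493779a33127d08bb9ea77056d788ec9ace72c13eb101f42f01c95309c7cebca6c76212a8c99a8655372c0b7d7 WHIRLPOOL 46eb3a8ef8f22030cd793f3b16adc190b5750019c0df83e161c6918f08555a8ad890c1425b03cbf7e53ebcd34a07a9dd9b594d0c0fe31834656ffce3d58fa284
-AUX sandbox-2.6-desktop.patch 875 SHA256 2eecf67790aeac210f9aa899a86f7664776ed65d9b55159e1b359162dfb9ff74 SHA512 b72ec7f414d19bf513dfb1aea10523fa5dc07a1375d8f08f664d204b64b23c891a79ca14987528c595936f441e1f595b366aabbc57313667c7639d73d089ed9a WHIRLPOOL 7f787b8be9b5712eb2b2a0cd2ff825df1045ebf1cc4e73a50f610e620d30752045690a5c28835465d0ab0c3c4a9eaf8b92a5c123cd741ad69dfedb31aa457fa0
-AUX sandbox-2.6-hardened-pch.patch 2615 SHA256 b24500876b595dcaee46e23dffedc50729ce7af1c7fbfce9cead2cd7a8566ff3 SHA512 439f78d0261996a648053f3b34a9fa34eb0d145862136769a3d448f5314be76046d02a0bcce8fd9cfb59d82fdafe79653c182d104f98c4b51be2c08ce835c8bd WHIRLPOOL 8221650ad746161af71a1b1f5f041a5696b4168d2c1fd3fb1997ba0464ef14de50592d9dd4ecc6981f812ae50e4d2c18c138a40bcdcce1b7f6d5b84f711211a6
-AUX sandbox-2.6-log-var.patch 2039 SHA256 f464a29cdd9de0c510277310f4febc8f96515ff2ff03fc92df1c75b9cbd75619 SHA512 cf6f900b4078eff5870b63b2bc7c81c5b00488e030d7e9ce3007693e9d1339ac6201ddacfaff552c6c9b99b6d32383229133c80190404b7e4fde06ad376b2050 WHIRLPOOL db99737a6567788194f7b37b12b92fcfb4c263df40f40aef9e0a3ef2b6a1523331313b791fffa2b26775b646795364ab1db1711eb4329cda3337df27aebfeffa
-AUX sandbox-2.6-open-nofollow.patch 2027 SHA256 c8816ae4e1991f9941abd43ec4bfdbf4e99cf36ee90694f77ab88754c53785ce SHA512 dd5222f32a40def38c9719363a24c48d5b112e3560b44c5f32afc3daa0614fe9bc5cb68ca8ac69032cc8d6299f09b25d4d7c72e16892188b42768ffb28c19f07 WHIRLPOOL 03cb5fb9df04a8d7f92855c292a6c431d01d330fecae198f2c4b95d824454f10ce1ad66db1a9d54d1bef5f74989cf6debb2d98de28ee0c2c6a09c1a0752b5519
-AUX sandbox-2.6-static-close-fd.patch 2945 SHA256 807eb4dc1ba6543c94a90a9a53bb89f42079ea20ed7c196f82d65f280e5de96a SHA512 e2f57c4d80816241f3ba4828c2b27c67d1d604b14b2d575888a978e5c4e8e47e60e3a609d81e59c615bc5b7cee6194cc362e255ae8508f632862a35180c30de8 WHIRLPOOL e08f60227fe954894d3a3a01297e9988f4d7722ea75ffbd2b0f3971d38c8ce00af230fcaecb1f53243a868d54f48bb680e2d547bbeb2ee3e5a11f8942d2084fd
-AUX sandbox-2.6-trace-hppa.patch 850 SHA256 20688b2f33162f95af4af5e3c7d3700f2e7776e454b785ac1398f0870f84efa9 SHA512 fb7bf2202f960e952edc1e52fe4b6b085042158223d96b9baa899e871abcdef711ede3122c971120f55f71cc1aad71496a6079222dbaaa6c14b0c6f7ea182454 WHIRLPOOL 80f7fb529b912d19d81b9d71ee4a648db7b217583f2e8f2054cc666839030ea7d0112d69d52a2bf35c4d3549ffbd81dbd0cd39d5993bfabbb43bcb6a4455ade4
-DIST sandbox-2.6.tar.xz 366356 SHA256 95615c5879dfc419713f22ba5506a2802a50ea0ce8a2f57c656354f2e50b1c4d SHA512 32ba7fb675c67fdc8bc52da1db7ed6878e5fea8753accb30d9aca00f708e0dde03287b5962caf5ef031bea6934d6ef3e18404b015c70ebd551d3fd8109ad2371 WHIRLPOOL bab2d015fb0de92a2266408ca7941c8fb66b599179040cfc727ffce5b2424a9722dc55ba89d198e3361044d8cb357314205488d2a980c7b8af063fd8940f0c03
-EBUILD sandbox-2.6-r1.ebuild 3161 SHA256 964556ee3f429cedbd54d4ea9c8c9a468b886199f390b909864e5c35a454bfa4 SHA512 25492535b1a623482c3bec466a3cfc8277ef5f82e3548085dc35a0ac24c5ab5cbedd32ad99c9da07dccd9c116b1c5a532908c5a3023aea6cdfb4dd94ec380c04 WHIRLPOOL 6fb8b8d1426bc8f6e0496bf6afe693bf544fdabacbdefdb310261e0d5dc0ba7548c26a8d26d4c29e8885805ebccc5e9852c3a2573cd6815960aa8f9ee2d21973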
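diff --git a/sys-apps/sandbox/files/09sandbox b/sys-apps/sandbox/files/09sandbox
deleted file mode 100644
index 9181eb0..0000000
--- a/sys-apps/sandbox/files/09sandbox
+++ /dev/null
@@ -1 +0,0 @@
-CONFIG_PROTECT_MASK="/etc/sandbox.d"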
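diff --git a/sys-apps/sandbox/files/sandbox-2.6-check-empty-paths-at.patch b/sys-apps/sandbox/files/sandbox-2.6-check-empty-paths-at.patch
deleted file mode 100644
index e4dc529..0000000
--- a/sys-apps/sandbox/files/sandbox-2.6-check-empty-paths-at.patch
+++ /dev/null
@@ -1,201 +0,0 @@
-From dd726dcc6a95355d0e0cc949018d9c8aefc89a02 Mon Sep 17 00:00:00 2001
-From: Mike Frysinger <vapier@g.o>
-Date: Mon, 24 Dec 2012 19:41:49 -0500
-Subject: [PATCH 1/2] libsandbox: reject "" paths with *at funcs before
- checking the dirfd
-
-When it comes to processing errors, an empty path is checked before
-an invalid dirfd. Make sure sandbox matches that behavior for the
-random testsuites out there that look for this.
-
-URL: https://bugs.gentoo.org/346929
-Reported-by: Marien Zwart <marienz@g.o>
-Signed-off-by: Mike Frysinger <vapier@g.o>
----
- libsandbox/wrapper-funcs/__pre_check.c | 2 ++
- libsandbox/wrapper-funcs/mkdirat_pre_check.c | 17 +++++------------
- libsandbox/wrapper-funcs/openat_pre_check.c | 15 ++++-----------
- libsandbox/wrapper-funcs/unlinkat_pre_check.c | 17 +++++------------
- libsandbox/wrappers.h | 2 ++
- tests/mkdirat-3.sh | 7 +++++++
- tests/mkdirat.at | 1 +
- tests/openat-2.sh | 9 +++++++++
- tests/openat.at | 1 +
- tests/unlinkat-4.sh | 7 +++++++
- tests/unlinkat.at | 1 +
- 11 files changed, 44 insertions(+), 35 deletions(-)
- create mode 100755 tests/mkdirat-3.sh
- create mode 100755 tests/openat-2.sh
- create mode 100755 tests/unlinkat-4.sh
-
-diff --git a/libsandbox/wrapper-funcs/__pre_check.c b/libsandbox/wrapper-funcs/__pre_check.c
-index 2d5711f..28ad91f 100644
---- a/libsandbox/wrapper-funcs/__pre_check.c
-+++ b/libsandbox/wrapper-funcs/__pre_check.c
-@@ -20,3 +20,5 @@
- #if SB_NR_UNLINK != SB_NR_UNDEF && SB_NR_UNLINKAT == SB_NR_UNDEF
- # include "unlinkat_pre_check.c"
- #endif
-+
-+#include "__pre_at_check.c"
-diff --git a/libsandbox/wrapper-funcs/mkdirat_pre_check.c b/libsandbox/wrapper-funcs/mkdirat_pre_check.c
-index 77a65df..0b48d1f 100644
---- a/libsandbox/wrapper-funcs/mkdirat_pre_check.c
-+++ b/libsandbox/wrapper-funcs/mkdirat_pre_check.c
-@@ -1,20 +1,13 @@
- bool sb_mkdirat_pre_check(const char *func, const char *pathname, int dirfd)
- {
- char canonic[SB_PATH_MAX];
-- char dirfd_path[SB_PATH_MAX];
-
- save_errno();
-
-- /* Expand the dirfd path first */
-- switch (resolve_dirfd_path(dirfd, pathname, dirfd_path, sizeof(dirfd_path))) {
-- case -1:
-- sb_debug_dyn("EARLY FAIL: %s(%s) @ resolve_dirfd_path: %s\n",
-- func, pathname, strerror(errno));
-- return false;
-- case 0:
-- pathname = dirfd_path;
-- break;
-- }
-+ /* Check incoming args against common *at issues */
-+ char dirfd_path[SB_PATH_MAX];
-+ if (!sb_common_at_pre_check(func, &pathname, dirfd, dirfd_path, sizeof(dirfd_path)))
-+ return false;
-
- /* Then break down any relative/symlink paths */
- if (-1 == canonicalize(pathname, canonic))
-diff --git a/libsandbox/wrapper-funcs/openat_pre_check.c b/libsandbox/wrapper-funcs/openat_pre_check.c
-index 0127708..5fd5eaa 100644
---- a/libsandbox/wrapper-funcs/openat_pre_check.c
-+++ b/libsandbox/wrapper-funcs/openat_pre_check.c
-@@ -15,17 +15,10 @@ bool sb_openat_pre_check(const char *func, const char *pathname, int dirfd, int
-
- save_errno();
-
-- /* Expand the dirfd path first */
-+ /* Check incoming args against common *at issues */
- char dirfd_path[SB_PATH_MAX];
-- switch (resolve_dirfd_path(dirfd, pathname, dirfd_path, sizeof(dirfd_path))) {
-- case -1:
-- sb_debug_dyn("EARLY FAIL: %s(%s) @ resolve_dirfd_path: %s\n",
-- func, pathname, strerror(errno));
-- return false;
-- case 0:
-- pathname = dirfd_path;
-- break;
-- }
-+ if (!sb_common_at_pre_check(func, &pathname, dirfd, dirfd_path, sizeof(dirfd_path)))
-+ return false;
-
- /* Doesn't exist -> skip permission checks */
- struct stat st;
-diff --git a/libsandbox/wrapper-funcs/unlinkat_pre_check.c b/libsandbox/wrapper-funcs/unlinkat_pre_check.c
-index 9f5e7d7..c004d15 100644
---- a/libsandbox/wrapper-funcs/unlinkat_pre_check.c
-+++ b/libsandbox/wrapper-funcs/unlinkat_pre_check.c
-@@ -1,20 +1,13 @@
- bool sb_unlinkat_pre_check(const char *func, const char *pathname, int dirfd)
- {
- char canonic[SB_PATH_MAX];
-- char dirfd_path[SB_PATH_MAX];
-
- save_errno();
-
-- /* Expand the dirfd path first */
-- switch (resolve_dirfd_path(dirfd, pathname, dirfd_path, sizeof(dirfd_path))) {
-- case -1:
-- sb_debug_dyn("EARLY FAIL: %s(%s) @ resolve_dirfd_path: %s\n",
-- func, pathname, strerror(errno));
-- return false;
-- case 0:
-- pathname = dirfd_path;
-- break;
-- }
-+ /* Check incoming args against common *at issues */
-+ char dirfd_path[SB_PATH_MAX];
-+ if (!sb_common_at_pre_check(func, &pathname, dirfd, dirfd_path, sizeof(dirfd_path)))
-+ return false;
-
- /* Then break down any relative/symlink paths */
- if (-1 == canonicalize(pathname, canonic))
-diff --git a/libsandbox/wrappers.h b/libsandbox/wrappers.h
-index 5b97787..0aa58bb 100644
---- a/libsandbox/wrappers.h
-+++ b/libsandbox/wrappers.h
-@@ -28,5 +28,7 @@ attribute_hidden bool sb_mkdirat_pre_check (const char *func, const char *pathn
- attribute_hidden bool sb_openat_pre_check (const char *func, const char *pathname, int dirfd, int flags);
- attribute_hidden bool sb_openat64_pre_check (const char *func, const char *pathname, int dirfd, int flags);
- attribute_hidden bool sb_unlinkat_pre_check (const char *func, const char *pathname, int dirfd);
-+attribute_hidden bool sb_common_at_pre_check(const char *func, const char **pathname, int dirfd,
-+ char *dirfd_path, size_t dirfd_path_len);
-
- #endif
---
-1.8.1.2
-
-From 0b8a6d9773cc0e6d86bf1187f46817d5716698fe Mon Sep 17 00:00:00 2001
-From: Mike Frysinger <vapier@g.o>
-Date: Mon, 24 Dec 2012 19:41:49 -0500
-Subject: [PATCH 2/2] libsandbox: reject "" paths with *at funcs before
- checking the dirfd [missing file]
-
-When it comes to processing errors, an empty path is checked before
-an invalid dirfd. Make sure sandbox matches that behavior for the
-random testsuites out there that look for this.
-
-Forgot to `git add` in the previous commit :/.
-
-URL: https://bugs.gentoo.org/346929
-Reported-by: Marien Zwart <marienz@g.o>
-Signed-off-by: Mike Frysinger <vapier@g.o>
----
- libsandbox/wrapper-funcs/__pre_at_check.c | 34 +++++++++++++++++++++++++++++++
- 1 file changed, 34 insertions(+)
- create mode 100644 libsandbox/wrapper-funcs/__pre_at_check.c
-
-diff --git a/libsandbox/wrapper-funcs/__pre_at_check.c b/libsandbox/wrapper-funcs/__pre_at_check.c
-new file mode 100644
-index 0000000..f72c40c
---- /dev/null
-+++ b/libsandbox/wrapper-funcs/__pre_at_check.c
-@@ -0,0 +1,34 @@
-+/*
-+ * common *at() pre-checks.
-+ *
-+ * Copyright 1999-2012 Gentoo Foundation
-+ * Licensed under the GPL-2
-+ */
-+
-+/* We assume the parent has nested use with save/restore errno */
-+bool sb_common_at_pre_check(const char *func, const char **pathname, int dirfd,
-+ char *dirfd_path, size_t dirfd_path_len)
-+{
-+ /* the empty path name should fail with ENOENT before any dirfd
-+ * checks get a chance to run #346929
-+ */
-+ if (*pathname && *pathname[0] == '\0') {
-+ errno = ENOENT;
-+ sb_debug_dyn("EARLY FAIL: %s(%s): %s\n",
-+ func, *pathname, strerror(errno));
-+ return false;
-+ }
-+
-+ /* Expand the dirfd path first */
-+ switch (resolve_dirfd_path(dirfd, *pathname, dirfd_path, dirfd_path_len)) {
-+ case -1:
-+ sb_debug_dyn("EARLY FAIL: %s(%s) @ resolve_dirfd_path: %s\n",
-+ func, *pathname, strerror(errno));
-+ return false;
-+ case 0:
-+ *pathname = dirfd_path;
-+ break;
-+ }
-+
-+ return true;
-+}
---
-1.8.1.2
-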
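diff --git a/sys-apps/sandbox/files/sandbox-2.6-desktop.patch b/sys-apps/sandbox/files/sandbox-2.6-desktop.patch
deleted file mode 100644
index fbecb07..0000000
--- a/sys-apps/sandbox/files/sandbox-2.6-desktop.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From 00044ab0c8aaaabf048b5ff0ec2da5b3d7d25752 Mon Sep 17 00:00:00 2001
-From: Mike Frysinger <vapier@g.o>
-Date: Sat, 17 Nov 2012 14:14:26 -0500
-Subject: [PATCH] sandbox.desktop: drop .svg from Icon field
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-URL: http://bugs.gentoo.org/443672
-Reported-by: Petteri Räty <betelgeuse@g.o>
-Signed-off-by: Mike Frysinger <vapier@g.o>
----
- data/sandbox.desktop | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/data/sandbox.desktop b/data/sandbox.desktop
-index 5b5b576..27a887e 100644
---- a/data/sandbox.desktop
-+++ b/data/sandbox.desktop
-@@ -5,6 +5,6 @@ Type=Application
- Comment=launch a sandboxed shell ... useful for debugging ebuilds
- Exec=sandbox
- TryExec=sandbox
--Icon=sandbox.svg
-+Icon=sandbox
- Categories=Development;
- Terminal=true
---
-1.8.1.2
-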
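diff --git a/sys-apps/sandbox/files/sandbox-2.6-hardened-pch.patch b/sys-apps/sandbox/files/sandbox-2.6-hardened-pch.patch
deleted file mode 100644
index 611122a..0000000
--- a/sys-apps/sandbox/files/sandbox-2.6-hardened-pch.patch
+++ /dev/null
@@ -1,88 +0,0 @@
-From: Mike Frysinger <vapier@g.o>
-Date: Tue, 28 Aug 2012 16:19:56 +0000 (-0400)
-Subject: add a configure option to control pch usage
-X-Git-Url: http://git.overlays.gentoo.org/gitweb/?p=proj%2Fsandbox.git;a=commitdiff_plain;h=f2500f5954611d110ac18e9990f42d5a915f8101
-
-add a configure option to control pch usage
-
-Mostly for testing purposes. This also tweaks the dependency to fix a
-warning when generating the headers.h.pch in subdirs when the toplevel
-headers.h.pch already exists.
-
-URL: http://bugs.gentoo.org/425524
-Signed-off-by: Mike Frysinger <vapier@g.o>
----
-
-diff --git a/Makefile.am b/Makefile.am
-index 475c8c0..eb54f42 100644
---- a/Makefile.am
-+++ b/Makefile.am
-@@ -11,9 +11,9 @@ SUBDIRS = \
- src \
- tests
-
-+noinst_LTLIBRARIES =
-+
- SANDBOX_PCH = headers.h.gch libsandbox/headers.h.gch libsbutil/headers.h.gch
--BUILT_SOURCES = $(SANDBOX_PCH)
--noinst_LTLIBRARIES = libpch.la
- nodist_libpch_la_SOURCES = $(SANDBOX_PCH)
- GCH_CP = ( \
- src=`dirname $@`/.libs/`basename $@`.o; \
-@@ -30,10 +30,23 @@ $(builddir)/libsandbox/headers.h.gch: headers.h
- $(builddir)/headers.h.gch: headers.h
- $(AM_V_GEN)$(COMPILE) -c -o $@.o $< && $(GCH_CP)
-
--libsbutil: libsbutil/headers.h.gch
--libsandbox: libsbutil libsandbox/headers.h.gch
--src: libsbutil headers.h.gch
--tests: src headers.h.gch
-+if SB_BUILD_PCH
-+BUILT_SOURCES = $(SANDBOX_PCH)
-+noinst_LTLIBRARIES += libpch.la
-+
-+LIBSBUTIL_PCH = libsbutil/headers.h.gch
-+LIBSANDBOX_PCH = libsandbox/headers.h.gch
-+TOP_PCH = headers.h.gch
-+
-+# Make sure we build the subdirs before the top so they don't
-+# try to use the top level headers.h.pch.
-+$(TOP_PCH): $(LIBSBUTIL_PCH) $(LIBSANDBOX_PCH)
-+endif
-+
-+libsbutil: $(LIBSBUTIL_PCH)
-+libsandbox: libsbutil $(LIBSANDBOX_PCH)
-+src: libsbutil $(TOP_PCH)
-+tests: src $(TOP_PCH)
-
- EXTRA_DIST = headers.h localdecls.h ChangeLog.0
-
-diff --git a/configure.ac b/configure.ac
-index 661b494..ca0d3ac 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -26,7 +26,7 @@ AC_ISC_POSIX
- AC_USE_SYSTEM_EXTENSIONS
-
- dnl Checks for programs.
--AM_PROG_AR
-+#AM_PROG_AR
- AC_PROG_INSTALL
- AC_PROG_MAKE_SET
- AC_PROG_AWK
-@@ -38,6 +38,14 @@ LT_INIT([disable-static])
-
- AC_PREFIX_DEFAULT([/usr])
-
-+dnl allow pch to be controlled
-+AC_MSG_CHECKING([whether to use pre-compiled sandbox headers])
-+AC_ARG_ENABLE([pch],
-+ [AS_HELP_STRING([--disable-pch],[Disable pre-compiled headers])],
-+ [],[enable_pch="yes"])
-+AM_CONDITIONAL([SB_BUILD_PCH], test "$enable_pch" = "yes")
-+AC_MSG_RESULT($enable_pch)
-+
- dnl multiple personality support (x86 & x86_64: multilib)
- AC_MSG_CHECKING([for multiple personalities])
- AC_ARG_ENABLE([schizo],
-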
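diff --git a/sys-apps/sandbox/files/sandbox-2.6-log-var.patch b/sys-apps/sandbox/files/sandbox-2.6-log-var.patch
deleted file mode 100644
index bfea9e5..0000000
--- a/sys-apps/sandbox/files/sandbox-2.6-log-var.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-From 853b42c86432eefc6d4cfba86197fb37d446366d Mon Sep 17 00:00:00 2001
-From: Mike Frysinger <vapier@g.o>
-Date: Sun, 3 Mar 2013 05:34:09 -0500
-Subject: [PATCH] sandbox: accept SANDBOX_LOG vars whatever their values
-
-Commit 40abb498ca4a24495fe34e133379382ce8c3eaca subtly broke the sandbox
-with portage. It changed how the sandbox log env var was accessed by
-moving from getenv() to get_sandbox_log(). The latter has path checking
-and will kick out values that contain a slash. That means every time a
-new process starts, a new sandbox log path will be generated, and when a
-program triggers a violation, it'll write to the new file. Meanwhile,
-portage itself watches the original one which never gets updated.
-
-This code has been around forever w/out documentation, and I can't think
-of a reason we need it. So punt it.
-
-Signed-off-by: Mike Frysinger <vapier@g.o>
----
- libsbutil/get_sandbox_log.c | 14 +++++---------
- 1 file changed, 5 insertions(+), 9 deletions(-)
-
-diff --git a/libsbutil/get_sandbox_log.c b/libsbutil/get_sandbox_log.c
-index a79b399..bdb4278 100644
---- a/libsbutil/get_sandbox_log.c
-+++ b/libsbutil/get_sandbox_log.c
-@@ -21,17 +21,13 @@ static void _get_sb_log(char *path, const char *tmpdir, const char *env, const c
-
- sandbox_log_env = getenv(env);
-
-- if (sandbox_log_env && is_env_on(ENV_SANDBOX_TESTING)) {
-- /* When testing, just use what the env says to */
-+ if (sandbox_log_env) {
-+ /* If the env is viable, roll with it. We aren't really
-+ * about people breaking the security of the sandbox by
-+ * exporting SANDBOX_LOG=/dev/null.
-+ */
- strncpy(path, sandbox_log_env, SB_PATH_MAX);
- } else {
-- /* THIS CHUNK BREAK THINGS BY DOING THIS:
-- * SANDBOX_LOG=/tmp/sandbox-app-admin/superadduser-1.0.7-11063.log
-- */
-- if ((NULL != sandbox_log_env) &&
-- (NULL != strchr(sandbox_log_env, '/')))
-- sandbox_log_env = NULL;
--
- snprintf(path, SB_PATH_MAX, "%s%s%s%s%d%s",
- SANDBOX_LOG_LOCATION, prefix,
- (sandbox_log_env == NULL ? "" : sandbox_log_env),
---
-1.8.1.2
-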
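diff --git a/sys-apps/sandbox/files/sandbox-2.6-open-nofollow.patch b/sys-apps/sandbox/files/sandbox-2.6-open-nofollow.patch
deleted file mode 100644
index 0101ece..0000000
--- a/sys-apps/sandbox/files/sandbox-2.6-open-nofollow.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-From 45fa8714a1d35e6555083d88a71851ada2aacac4 Mon Sep 17 00:00:00 2001
-From: Mike Frysinger <vapier@g.o>
-Date: Mon, 24 Dec 2012 18:46:29 -0500
-Subject: [PATCH] libsandbox: handle open(O_NOFOLLOW)
-
-We don't check for O_NOFOLLOW in the open wrappers, so we end up
-returning the wrong error when operating on broken symlinks.
-
-URL: https://bugs.gentoo.org/413441
-Reported-by: Marien Zwart <marienz@g.o>
-Signed-off-by: Mike Frysinger <vapier@g.o>
----
- libsandbox/wrapper-funcs/__64_post.h | 1 +
- libsandbox/wrapper-funcs/__64_pre.h | 1 +
- libsandbox/wrapper-funcs/openat_pre_check.c | 2 +-
- tests/open-2.sh | 10 ++++++++++
- tests/open.at | 1 +
- 5 files changed, 14 insertions(+), 1 deletion(-)
- create mode 100755 tests/open-2.sh
-
-diff --git a/libsandbox/wrapper-funcs/__64_post.h b/libsandbox/wrapper-funcs/__64_post.h
-index 2fd2182..82d2a16 100644
---- a/libsandbox/wrapper-funcs/__64_post.h
-+++ b/libsandbox/wrapper-funcs/__64_post.h
-@@ -1,3 +1,4 @@
- #undef SB64
- #undef stat
-+#undef lstat
- #undef off_t
-diff --git a/libsandbox/wrapper-funcs/__64_pre.h b/libsandbox/wrapper-funcs/__64_pre.h
-index 2132110..0b34b25 100644
---- a/libsandbox/wrapper-funcs/__64_pre.h
-+++ b/libsandbox/wrapper-funcs/__64_pre.h
-@@ -1,3 +1,4 @@
- #define SB64
- #define stat stat64
-+#define lstat lstat64
- #define off_t off64_t
-diff --git a/libsandbox/wrapper-funcs/openat_pre_check.c b/libsandbox/wrapper-funcs/openat_pre_check.c
-index c827ee6..0127708 100644
---- a/libsandbox/wrapper-funcs/openat_pre_check.c
-+++ b/libsandbox/wrapper-funcs/openat_pre_check.c
-@@ -29,7 +29,7 @@ bool sb_openat_pre_check(const char *func, const char *pathname, int dirfd, int
-
- /* Doesn't exist -> skip permission checks */
- struct stat st;
-- if (-1 == stat(pathname, &st)) {
-+ if (((flags & O_NOFOLLOW) ? lstat(pathname, &st) : stat(pathname, &st)) == -1) {
- sb_debug_dyn("EARLY FAIL: %s(%s): %s\n",
- func, pathname, strerror(errno));
- return false;
---
-1.8.1.2
-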
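diff --git a/sys-apps/sandbox/files/sandbox-2.6-static-close-fd.patch b/sys-apps/sandbox/files/sandbox-2.6-static-close-fd.patch
deleted file mode 100644
index 7fc0972..0000000
--- a/sys-apps/sandbox/files/sandbox-2.6-static-close-fd.patch
+++ /dev/null
@@ -1,93 +0,0 @@
-From a3ff1534945c3898332b2481c9fd355dfbd56e1f Mon Sep 17 00:00:00 2001
-From: Mike Frysinger <vapier@g.o>
-Date: Sat, 23 Jun 2012 11:52:51 -0700
-Subject: [PATCH] libsandbox: clean up open file handles in parent tracing
- process
-
-Currently, if a non-static app sets up a pipe (with cloexec enabled) and
-executes a static app, the handle to that pipe is left open in the parent
-process. This causes trouble when the parent is waiting for that to be
-closed immediately.
-
-Since none of the fds in the forked parent process matter to us, we can
-just go ahead and clean up all fds before we start tracing the child.
-
-URL: http://bugs.gentoo.org/364877
-Reported-by: Victor Stinner <victor.stinner@×××××××××.com>
-Signed-off-by: Mike Frysinger <vapier@g.o>
----
- libsandbox/trace.c | 3 +-
- libsbutil/sb_close.c | 26 +++++++++++-
- libsbutil/sbutil.h | 1 +
- tests/Makefile.am | 2 +
- tests/pipe-fork_static_tst.c | 18 +++++++++
- tests/pipe-fork_tst.c | 95 ++++++++++++++++++++++++++++++++++++++++++++
- tests/script-9.sh | 5 +++
- tests/script.at | 1 +
- 8 files changed, 149 insertions(+), 2 deletions(-)
- create mode 100644 tests/pipe-fork_static_tst.c
- create mode 100644 tests/pipe-fork_tst.c
- create mode 100755 tests/script-9.sh
-
-diff --git a/libsandbox/trace.c b/libsandbox/trace.c
-index 32ad2d6..dfbab18 100644
---- a/libsandbox/trace.c
-+++ b/libsandbox/trace.c
-@@ -504,8 +504,9 @@ void trace_main(const char *filename, char *const argv[])
- /* Not all kernel versions support this, so ignore return */
- ptrace(PTRACE_SETOPTIONS, trace_pid, NULL, (void *)PTRACE_O_TRACESYSGOOD);
- #endif
-+ sb_close_all_fds();
- trace_loop();
-- return;
-+ sb_ebort("ISE: child should have quit, as should we\n");
- }
-
- sb_debug("child setting up ...");
-diff --git a/libsbutil/sb_close.c b/libsbutil/sb_close.c
-index 17a4560..5379197 100644
---- a/libsbutil/sb_close.c
-+++ b/libsbutil/sb_close.c
-@@ -29,3 +29,27 @@ int sb_close(int fd)
-
- return res;
- }
-+
-+/* Quickly close all the open fds (good for daemonization) */
-+void sb_close_all_fds(void)
-+{
-+ DIR *dirp;
-+ struct dirent *de;
-+ int dfd, fd;
-+ const char *fd_dir = sb_get_fd_dir();
-+
-+ dirp = opendir(fd_dir);
-+ if (!dirp)
-+ sb_ebort("could not process %s\n", fd_dir);
-+ dfd = dirfd(dirp);
-+
-+ while ((de = readdir(dirp)) != NULL) {
-+ if (de->d_name[0] == '.')
-+ continue;
-+ fd = atoi(de->d_name);
-+ if (fd != dfd)
-+ close(fd);
-+ }
-+
-+ closedir(dirp);
-+}
-diff --git a/libsbutil/sbutil.h b/libsbutil/sbutil.h
-index 02b88cb..479734b 100644
---- a/libsbutil/sbutil.h
-+++ b/libsbutil/sbutil.h
-@@ -97,6 +97,7 @@ int sb_open(const char *path, int flags, mode_t mode);
- size_t sb_read(int fd, void *buf, size_t count);
- size_t sb_write(int fd, const void *buf, size_t count);
- int sb_close(int fd);
-+void sb_close_all_fds(void);
- int sb_copy_file_to_fd(const char *file, int ofd);
-
- /* Reliable output */
---
-1.8.1.2
-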
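diff --git a/sys-apps/sandbox/files/sandbox-2.6-trace-hppa.patch b/sys-apps/sandbox/files/sandbox-2.6-trace-hppa.patch
deleted file mode 100644
index 7e73822..0000000
--- a/sys-apps/sandbox/files/sandbox-2.6-trace-hppa.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From 7b01f6103a9baddaf0252e7f850a4cef91a48b67 Mon Sep 17 00:00:00 2001
-From: Mike Frysinger <vapier@g.o>
-Date: Fri, 6 Jul 2012 14:58:16 -0400
-Subject: [PATCH] libsandbox: fix hppa trace code
-
-URL: https://bugs.gentoo.org/425062
-Reported-by: Jeroen Roovers <jer@g.o>
-Signed-off-by: Mike Frysinger <vapier@g.o>
----
- libsandbox/trace/linux/hppa.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/libsandbox/trace/linux/hppa.c b/libsandbox/trace/linux/hppa.c
-index d23b0d1..5414354 100644
---- a/libsandbox/trace/linux/hppa.c
-+++ b/libsandbox/trace/linux/hppa.c
-@@ -1,5 +1,5 @@
--#define trace_reg_sysnum (20 * 4) /* PT_GR20 */
--#define trace_reg_ret (28 * 4) /* PT_GR28 */
-+#define trace_reg_sysnum gr[20]
-+#define trace_reg_ret gr[28]
-
- static unsigned long trace_arg(void *vregs, int num)
- {
---
-1.7.9.7
-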
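diff --git a/sys-apps/sandbox/sandbox-2.6-r1.ebuild b/sys-apps/sandbox/sandbox-2.6-r1.ebuild
deleted file mode 100644
index 25130d2..0000000
--- a/sys-apps/sandbox/sandbox-2.6-r1.ebuild
+++ /dev/null
@@ -1,132 +0,0 @@
-# Copyright 1999-2013 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-apps/sandbox/sandbox-2.6-r1.ebuild,v 1.12 2013/07/02 07:43:42 ago Exp $
-
-#
-# don't monkey with this ebuild unless contacting portage devs.
-# period.
-#
-
-inherit autotools eutils flag-o-matic toolchain-funcs multilib unpacker multiprocessing
-
-DESCRIPTION="sandbox'd LD_PRELOAD hack"
-HOMEPAGE="http://www.gentoo.org/"
-SRC_URI="mirror://gentoo/${P}.tar.xz
- http://dev.gentoo.org/~vapier/dist/${P}.tar.xz"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="alpha amd64 arm hppa ia64 ~m68k ~mips ppc ppc64 s390 sh sparc x86 ~sparc-fbsd -x86-fbsd"
-IUSE="multilib pch"
-
-DEPEND="app-arch/xz-utils
- >=app-misc/pax-utils-0.1.19" #265376
-RDEPEND=""
-
-EMULTILIB_PKG="true"
-has sandbox_death_notice ${EBUILD_DEATH_HOOKS} || EBUILD_DEATH_HOOKS="${EBUILD_DEATH_HOOKS} sandbox_death_notice"
-
-sandbox_death_notice() {
- ewarn "If configure failed with a 'cannot run C compiled programs' error, try this:"
- ewarn "FEATURES=-sandbox emerge sandbox"
-}
-
-sb_get_install_abis() { use multilib && get_install_abis || echo ${ABI:-default} ; }
-
-sb_foreach_abi() {
- local OABI=${ABI}
- for ABI in $(sb_get_install_abis) ; do
- cd "${WORKDIR}/build-${ABI}"
- einfo "Running $1 for ABI=${ABI}..."
- "$@"
- done
- ABI=${OABI}
-}
-
-src_unpack() {
- unpacker
- cd "${S}"
- epatch "${FILESDIR}"/${P}-trace-hppa.patch #425062
- epatch "${FILESDIR}"/${P}-log-var.patch
- epatch "${FILESDIR}"/${P}-static-close-fd.patch #364877
- epatch "${FILESDIR}"/${P}-desktop.patch #443672
- epatch "${FILESDIR}"/${P}-open-nofollow.patch #413441
- epatch "${FILESDIR}"/${P}-check-empty-paths-at.patch #346929
- epatch "${FILESDIR}"/${P}-hardened-pch.patch #425524
- epatch_user
-
- eautoreconf
-}
-
-sb_configure() {
- mkdir "${WORKDIR}/build-${ABI}"
- cd "${WORKDIR}/build-${ABI}"
-
- use multilib && multilib_toolchain_setup ${ABI}
-
- einfo "Configuring sandbox for ABI=${ABI}..."
- ECONF_SOURCE="../${P}/" \
- econf $(use_enable pch) ${myconf} || die
-}
-
-sb_compile() {
- emake || die
-}
-
-src_compile() {
- filter-lfs-flags #90228
-
- # Run configures in parallel!
- multijob_init
- local OABI=${ABI}
- for ABI in $(sb_get_install_abis) ; do
- multijob_child_init sb_configure
- done
- ABI=${OABI}
- multijob_finish
-
- sb_foreach_abi sb_compile
-}
-
-sb_test() {
- emake check TESTSUITEFLAGS="--jobs=$(makeopts_jobs)" || die
-}
-
-src_test() {
- sb_foreach_abi sb_test
-}
-
-sb_install() {
- emake DESTDIR="${D}" install || die
- insinto /etc/sandbox.d #333131
- doins etc/sandbox.d/00default || die
-}
-
-src_install() {
- sb_foreach_abi sb_install
-
- doenvd "${FILESDIR}"/09sandbox
-
- keepdir /var/log/sandbox
- fowners root:portage /var/log/sandbox
- fperms 0770 /var/log/sandbox
-
- cd "${S}"
- dodoc AUTHORS ChangeLog* NEWS README
-}
-
-pkg_preinst() {
- chown root:portage "${D}"/var/log/sandbox
- chmod 0770 "${D}"/var/log/sandbox
-
- local old=$(find "${ROOT}"/lib* -maxdepth 1 -name 'libsandbox*')
- if [[ -n ${old} ]] ; then
- elog "Removing old sandbox libraries for you:"
- elog ${old//${ROOT}}
- find "${ROOT}"/lib* -maxdepth 1 -name 'libsandbox*' -exec rm -fv {} \;
- fi
-}
-
-pkg_postinst() {
- chmod 0755 "${ROOT}"/etc/sandbox.d #265376
-}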