Hi,

I performed an entire 'emerge system' on a freshly installed machine
with the sandbox installed beforehand. This made it possible to check
all system packages for accidental writes outside the allowed dirs.
Below is the list of packages that failed and the details:

fileutils
mkdir: /usr/tmp/cf19190
mkdir: /usr/lib/cf19190

findutils
mkdir: /var/spool/locate

gpm
mkdir: /etc/gpm

ncurses
open_wr: /usr/tmp/conftest9012345
open_wr: /usr/tmp/conftest9012346

patch
open_wr: /usr/tmp/conftest9012345
open_wr: /usr/tmp/conftest9012346

pwdb
open_wr: /usr/portage/sys-libs/pwdb/files/.

sh-utils
mkdir: /usr/tmp/cf8115
mkdir: /usr/lib/cf8115

tar
open_wr: /usr/tmp/conftest9012345
open_wr: /usr/tmp/conftest9012346

textutils
mkdir: /usr/tmp/cf27156
mkdir: /usr/lib/cf27156

Out of this I conclude that it might be a good idea to open up
'/usr/tmp' for writing too. Anyway, it's linked to /var/tmp and normally
the dirs that are created in /usr/tmp by these packages are deleted
immediately afterwards.

I'm currently building an entire gnome desktop through the sandbox.
There's already one problem which I've discussed with Hallski. Quite
some packages need to write to '/var/log/scrollkeeper.log' during their
installation. Hallski is going to investigate how this could be helped,
but in the meantime I've opened up my local sandbox for this file
temporarily.

Best regards,

Geert

--
Geert Bevin
the Leaf sprl/bvba
"Use what you need" Pierre Theunisstraat 1/47
http://www.theleaf.be 1030 Brussels
gbevin@×××××××.be Tel & Fax +32 2 241 19 98
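
An added example, not part of the original message or of the sandbox's own code: it parses the report format used above and lists which violations each package would still hit for a proposed set of writable prefixes. The function names and the prefix list are assumptions, and the embedded report is an excerpt of the one in the message.

```python
import posixpath

# Excerpt of the violation report from the message above:
# a package name, then one "operation: path" line per denied write.
REPORT = """\
fileutils
mkdir: /usr/tmp/cf19190
mkdir: /usr/lib/cf19190
findutils
mkdir: /var/spool/locate
ncurses
open_wr: /usr/tmp/conftest9012345
open_wr: /usr/tmp/conftest9012346
pwdb
open_wr: /usr/portage/sys-libs/pwdb/files/.
"""


def parse_report(text):
    """Return {package: [(operation, normalized_path), ...]}."""
    report, current = {}, None
    for line in filter(None, map(str.strip, text.splitlines())):
        op, sep, path = line.partition(": ")
        if sep and path.startswith("/") and current is not None:
            report[current].append((op, posixpath.normpath(path)))
        else:
            current = line
            report.setdefault(current, [])
    return report


def is_allowed(path, prefixes):
    """Match whole path components, so /usr/tmpfoo is not under /usr/tmp."""
    path = posixpath.normpath(path)
    return any(path == p or path.startswith(p.rstrip("/") + "/")
               for p in map(posixpath.normpath, prefixes))


def remaining(report, prefixes):
    """Violations each package still hits once `prefixes` are writable."""
    left = {pkg: [(op, p) for op, p in hits if not is_allowed(p, prefixes)]
            for pkg, hits in report.items()}
    return {pkg: hits for pkg, hits in left.items() if hits}


if __name__ == "__main__":
    for pkg, hits in remaining(parse_report(REPORT), ["/usr/tmp"]).items():
        print(pkg, hits)
```

With only `/usr/tmp` in the prefix list, ncurses drops out of the result, while fileutils still reports its `/usr/lib/cf19190` write.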