| 1 |
Hi, |
| 2 |
|
| 3 |
I performed an entire 'emerge system' on a freshly installed machine |
| 4 |
with the sandbox installed beforehand. This made it possible to check |
| 5 |
all system packages for accedental writes outside the allowed dirs. |
| 6 |
Below is the list of packages that failed and the details : |
| 7 |
|
| 8 |
fileutils |
| 9 |
mkdir: /usr/tmp/cf19190 |
| 10 |
mkdir: /usr/lib/cf19190 |
| 11 |
|
| 12 |
findutils |
| 13 |
mkdir: /var/spool/locate |
| 14 |
|
| 15 |
gpm |
| 16 |
mkdir: /etc/gpm |
| 17 |
|
| 18 |
ncurses |
| 19 |
open_wr: /usr/tmp/conftest9012345 |
| 20 |
open_wr: /usr/tmp/conftest9012346 |
| 21 |
|
| 22 |
patch |
| 23 |
open_wr: /usr/tmp/conftest9012345 |
| 24 |
open_wr: /usr/tmp/conftest9012346 |
| 25 |
|
| 26 |
pwdb |
| 27 |
open_wr: /usr/portage/sys-libs/pwdb/files/. |
| 28 |
|
| 29 |
sh-utils |
| 30 |
mkdir: /usr/tmp/cf8115 |
| 31 |
mkdir: /usr/lib/cf8115 |
| 32 |
|
| 33 |
tar |
| 34 |
open_wr: /usr/tmp/conftest9012345 |
| 35 |
open_wr: /usr/tmp/conftest9012346 |
| 36 |
|
| 37 |
textutils |
| 38 |
mkdir: /usr/tmp/cf27156 |
| 39 |
mkdir: /usr/lib/cf27156 |
| 40 |
|
| 41 |
Out of this I conclude that it might be a good idea to open up |
| 42 |
'/usr/tmp' for writing too. Anyway, it's linked to /var/tmp and ormally |
| 43 |
the dirs that are created in /usr/tmp by these packages are deleted |
| 44 |
immediately afterwards. |
| 45 |
|
| 46 |
I'm currently building an entire gnome desktop through the sandbox. |
| 47 |
There's already one problem which I've discussed with Hallski. Quite |
| 48 |
some packages need to write to '/var/log/scrollkeeper.log' during their |
| 49 |
installation. Hallski is going to investigate how this could be helped, |
| 50 |
but in the meantime I've opened up my local sadbox for this file |
| 51 |
temporarely. |
| 52 |
|
| 53 |
Best regards, |
| 54 |
|
| 55 |
Geert |
| 56 |
|
| 57 |
-- |
| 58 |
Geert Bevin |
| 59 |
the Leaf sprl/bvba |
| 60 |
"Use what you need" Pierre Theunisstraat 1/47 |
| 61 |
http://www.theleaf.be 1030 Brussels |
| 62 |
gbevin@×××××××.be Tel & Fax +32 2 241 19 98 |
Archives