| 1 |
On Wed 02 Apr 2014 13:01:25 Samuli Suominen wrote: |
| 2 |
> Problem 1: |
| 3 |
> |
| 4 |
> https://bugs.gentoo.org/show_bug.cgi?id=472766#c21 |
| 5 |
> |
| 6 |
> I'm not sure if wildcards are supported by /etc/sandbox.d/ files |
| 7 |
|
| 8 |
they are not. however, path matching is based on prefixes, so there's always |
| 9 |
an implicit glob at the end. would be reasonable to change the code to use |
| 10 |
fnmatch. |
| 11 |
|
| 12 |
e.g. SANDBOX_PREDICT=/dev/dri/card probably works |
| 13 |
|
| 14 |
however, i think we're relying on sandbox preventing bad code from doing bad |
| 15 |
things. there really should be a way for the build to disable the logic in |
| 16 |
the first place from kicking in. |
| 17 |
-mike |
Archives