profiles/base/make.defaults: add CARGO_HOME to ENV_UNSET

Signed-off-by: Georgy Yakovlev <gyakovlev@gentoo.org>

1 files changed, 4 insertions, 1 deletions

diff --git a/profiles/base/make.defaults b/profiles/base/make.defaults
index 1ac69f51ec90..ebcbbe0ad388 100644
--- a/profiles/base/make.defaults
+++ b/profiles/base/make.defaults
@@ -29,6 +29,9 @@ CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf"
 #
 # DISPLAY and XAUTHORITY to avoid trying to access the user's X11.
 #
+# CARGO_HOME may leak to build env if package is not using cargo.eclass
+# such leak will result in sandbox violations
+#
 # XDG_* since the values coming from user environment can collide with
 # ebuild-set ${HOME} (e.g. by referring to user's home directory).
 # We exclude XDG_DATA_DIRS & XDG_CONFIG_DIRS as those are set in env.d.
@@ -40,7 +43,7 @@ CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf"
 # GOBIN needs to be cleaned as random values in GOBIN can affect the
 # building of some packages:
 # https://archives.gentoo.org/gentoo-dev/message/163010f83ae7819d80c0cfdf797cbfe0
-ENV_UNSET="DBUS_SESSION_BUS_ADDRESS DISPLAY XAUTHORITY XDG_CACHE_HOME XDG_CONFIG_HOME XDG_DATA_HOME XDG_RUNTIME_DIR PERL_MM_OPT PERL5LIB PERL5OPT PERL_MB_OPT PERL_CORE PERLPREFIX GOBIN GOPATH"
+ENV_UNSET="DBUS_SESSION_BUS_ADDRESS DISPLAY CARGO_HOME XAUTHORITY XDG_CACHE_HOME XDG_CONFIG_HOME XDG_DATA_HOME XDG_RUNTIME_DIR PERL_MM_OPT PERL5LIB PERL5OPT PERL_MB_OPT PERL_CORE PERLPREFIX GOBIN GOPATH"
 
 # Variables that are set exclusively by the profile
 # and not by user configuration files.