sys-apps/sandbox: version bump

1 files changed, 34 insertions, 0 deletions

diff --git a/sys-apps/sandbox/files/sandbox-2.8-write-ptmx.patch b/sys-apps/sandbox/files/sandbox-2.8-write-ptmx.patch
new file mode 100644
index 000000000000..d22f53b0f114
--- /dev/null
+++ b/sys-apps/sandbox/files/sandbox-2.8-write-ptmx.patch
@@ -0,0 +1,34 @@
+From 6b9b505f4a7716a50ff9e63c85f2c4882987a732 Mon Sep 17 00:00:00 2001
+From: Mike Frysinger <vapier@gentoo.org>
+Date: Sun, 20 Sep 2015 04:40:39 -0400
+Subject: [PATCH] sandbox.conf: allow writing to /dev/ptmx
+
+We implicitly permit write access to this node by not catching functions
+like openpty and posix_openpt, but when projects try to access the node
+directly (due to legacy/fallback logic), the sandbox would reject them.
+Make access to the node explicit since it's generally harmless.
+
+URL: https://bugs.gentoo.org/413327
+URL: https://bugs.gentoo.org/550650
+URL: https://bugs.gentoo.org/550670
+Signed-off-by: Mike Frysinger <vapier@gentoo.org>
+---
+ etc/sandbox.conf | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/etc/sandbox.conf b/etc/sandbox.conf
+index dc460f0..1d7655c 100644
+--- a/etc/sandbox.conf
++++ b/etc/sandbox.conf
+@@ -64,7 +64,7 @@ SANDBOX_WRITE="/dev/zero:/dev/null:/dev/full"
+ # Console device nodes
+ SANDBOX_WRITE="/dev/console:/dev/tty:/dev/vc/:/dev/pty:/dev/tts"
+ # Device filesystems
+-SANDBOX_WRITE="/dev/pts/:/dev/shm"
++SANDBOX_WRITE="/dev/ptmx:/dev/pts/:/dev/shm"
+ # Tempory storage
+ SANDBOX_WRITE="/tmp/:/var/tmp/"
+ # Needed for shells
+-- 
+2.5.2
+