From 822e317acd15429c57cf09cf448b1ce99cf33147 Mon Sep 17 00:00:00 2001
From: Mike Frysinger
Date: Sun, 20 Sep 2015 04:12:48 -0400
Subject: sys-apps/sandbox: version bump
---
.../sandbox/files/sandbox-2.8-write-ptmx.patch | 34 ++++++++++++++++++++++
1 file changed, 34 insertions(+)
create mode 100644 sys-apps/sandbox/files/sandbox-2.8-write-ptmx.patch
(limited to 'sys-apps/sandbox/files')
diff --git a/sys-apps/sandbox/files/sandbox-2.8-write-ptmx.patch b/sys-apps/sandbox/files/sandbox-2.8-write-ptmx.patch
new file mode 100644
index 000000000000..d22f53b0f114
--- /dev/null
+++ b/sys-apps/sandbox/files/sandbox-2.8-write-ptmx.patch
@@ -0,0 +1,34 @@
+From 6b9b505f4a7716a50ff9e63c85f2c4882987a732 Mon Sep 17 00:00:00 2001
+From: Mike Frysinger
+Date: Sun, 20 Sep 2015 04:40:39 -0400
+Subject: [PATCH] sandbox.conf: allow writing to /dev/ptmx
+
+We implicitly permit write access to this node by not catching functions
+like openpty and posix_openpt, but when projects try to access the node
+directly (due to legacy/fallback logic), the sandbox would reject them.
+Make access to the node explicit since it's generally harmless.
+
+URL: https://bugs.gentoo.org/413327
+URL: https://bugs.gentoo.org/550650
+URL: https://bugs.gentoo.org/550670
+Signed-off-by: Mike Frysinger
+---
+ etc/sandbox.conf | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/etc/sandbox.conf b/etc/sandbox.conf
+index dc460f0..1d7655c 100644
+--- a/etc/sandbox.conf
++++ b/etc/sandbox.conf
+@@ -64,7 +64,7 @@ SANDBOX_WRITE="/dev/zero:/dev/null:/dev/full"
+ # Console device nodes
+ SANDBOX_WRITE="/dev/console:/dev/tty:/dev/vc/:/dev/pty:/dev/tts"
+ # Device filesystems
+-SANDBOX_WRITE="/dev/pts/:/dev/shm"
++SANDBOX_WRITE="/dev/ptmx:/dev/pts/:/dev/shm"
+ # Tempory storage
+ SANDBOX_WRITE="/tmp/:/var/tmp/"
+ # Needed for shells
+--
+2.5.2
+
-- cgit v1.2.3-65-gdbad
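Review bot: The new `SANDBOX_WRITE="/dev/ptmx:/dev/pts/:/dev/shm"` entry widens the sandbox's write allowlist, but the reason is recorded only in the embedded patch's commit message. In sandbox.conf itself the node sits under `# Device filesystems`, although /dev/ptmx is a device node rather than a filesystem. I would give it its own commented entry, for example `# PTY master: opened directly by legacy/fallback code instead of openpty/posix_openpt` followed by `SANDBOX_WRITE="/dev/ptmx"`, so that someone auditing the allowlist later can see why the path is writable; this assumes separate SANDBOX_WRITE lines accumulate, as the neighbouring context lines suggest. The outer commit subject, "version bump", also gives no hint that a sandbox policy relaxation ships with it, so naming the ptmx change there would make it easier to find in history.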