diff options
Diffstat (limited to 'sys-apps')
19 files changed, 0 insertions, 963 deletions
diff --git a/sys-apps/sandbox/Manifest b/sys-apps/sandbox/Manifest deleted file mode 100644 index a4df30f468..0000000000 --- a/sys-apps/sandbox/Manifest +++ /dev/null @@ -1,3 +0,0 @@ -DIST sandbox-1.6.tar.lzma 307014 BLAKE2B ba61be101af826a7b1a717f943e93b073a23728ec5f33c2f65c3a7ba0ba8b3e96861e2a23405e501ed9115091bf04d11b952bb670ca9a7c597c85b03cf7f3931 SHA512 f470599a67443fa107612fef1cc73b64b3146003ae21bb5ae5abd852c4c37aec93ac09be646fda9d55d4c3aeef0cf28a42fa675f2acbb53c1d903e400538ba4c -DIST sandbox-2.5.tar.xz 355680 BLAKE2B b6c85e2a23d43c21a43efd2f9c3ea2459a7d76e2580e4f74d63d29645b41652711b869d21ae7c36c70cd4b4c2ad739772fb3c06fa5fd93b63d63b07b62d8e8e0 SHA512 7b870295bb78c1da5550b650a3983d93e503935a8e8452a29a5c6310cc2c2d569a898ea1534e2c670b4a3e5607504fac55f69da6878e0adc9c2c65a5476b4fb0 -DIST sandbox-2.6.tar.xz 366356 BLAKE2B 9dbd92176a239743e877c174bdb547672a020e92ed661e239f29c75c79320e9b15733aaba532389435ffc2d2927d80c1192ff7f603236dacedf88b33686da197 SHA512 32ba7fb675c67fdc8bc52da1db7ed6878e5fea8753accb30d9aca00f708e0dde03287b5962caf5ef031bea6934d6ef3e18404b015c70ebd551d3fd8109ad2371 diff --git a/sys-apps/sandbox/files/0001-libsandbox-handle-more-at-functions.patch b/sys-apps/sandbox/files/0001-libsandbox-handle-more-at-functions.patch deleted file mode 100644 index 09462b7e1b..0000000000 --- a/sys-apps/sandbox/files/0001-libsandbox-handle-more-at-functions.patch +++ /dev/null @@ -1,42 +0,0 @@ -From 25425878243c5ca1ff21e6f479e585c60b943930 Mon Sep 17 00:00:00 2001 -From: Mike Frysinger <vapier@gentoo.org> -Date: Mon, 30 Mar 2009 19:56:29 -0400 -Subject: [PATCH] libsandbox: handle more *at functions - -Add some more *at functions to the main checking code. - -URL: http://bugs.gentoo.org/264320 -Signed-off-by: Mike Frysinger <vapier@gentoo.org> -Reported-by: Harald van Dijk <truedfx@gentoo.org> ---- - libsandbox/libsandbox.c | 5 +++++ - 1 files changed, 5 insertions(+), 0 deletions(-) - -diff --git a/libsandbox/libsandbox.c b/libsandbox/libsandbox.c -index 88248af..c3f0b55 100644 ---- a/libsandbox/libsandbox.c -+++ b/libsandbox/libsandbox.c -@@ -681,15 +681,20 @@ static int check_access(sbcontext_t *sbcontext, int sb_nr, const char *func, - sb_nr == SB_NR_CREAT || - sb_nr == SB_NR_CREAT64 || - sb_nr == SB_NR_MKDIR || -+ sb_nr == SB_NR_MKDIRAT || - sb_nr == SB_NR_MKNOD || - sb_nr == SB_NR_MKNODAT || - sb_nr == SB_NR__XMKNOD || - sb_nr == SB_NR___XMKNOD || - sb_nr == SB_NR___XMKNODAT || - sb_nr == SB_NR_MKFIFO || -+ sb_nr == SB_NR_MKFIFOAT || - sb_nr == SB_NR_LINK || -+ sb_nr == SB_NR_LINKAT || - sb_nr == SB_NR_SYMLINK || -+ sb_nr == SB_NR_SYMLINKAT || - sb_nr == SB_NR_RENAME || -+ sb_nr == SB_NR_RENAMEAT || - sb_nr == SB_NR_LUTIMES || - sb_nr == SB_NR_UTIMENSAT || - sb_nr == SB_NR_UTIME || --- -1.6.2 - diff --git a/sys-apps/sandbox/files/09sandbox b/sys-apps/sandbox/files/09sandbox deleted file mode 100644 index 9181eb068c..0000000000 --- a/sys-apps/sandbox/files/09sandbox +++ /dev/null @@ -1 +0,0 @@ -CONFIG_PROTECT_MASK="/etc/sandbox.d" diff --git a/sys-apps/sandbox/files/sandbox-1.2.17-prefix.patch b/sys-apps/sandbox/files/sandbox-1.2.17-prefix.patch deleted file mode 100644 index 98348553d5..0000000000 --- a/sys-apps/sandbox/files/sandbox-1.2.17-prefix.patch +++ /dev/null @@ -1,209 +0,0 @@ -* Michael Haubenwallner <michael.haubenwallner@salomon.at> - Prefix awareness for sandbox - -diff -ruN sandbox-1.2.17.orig/configure.ac sandbox-1.2.17/configure.ac ---- sandbox-1.2.17.orig/configure.ac 2005-12-05 15:03:35.000000000 +0100 -+++ sandbox-1.2.17/configure.ac 2006-07-27 16:14:28.000000000 +0200 -@@ -156,5 +156,7 @@ - Makefile - scripts/Makefile - data/Makefile -+ data/sandbox.bashrc -+ data/sandbox.profile - src/Makefile - ]) -diff -ruN sandbox-1.2.17.orig/data/sandbox.bashrc sandbox-1.2.17/data/sandbox.bashrc ---- sandbox-1.2.17.orig/data/sandbox.bashrc 2005-12-01 00:14:28.000000000 +0100 -+++ sandbox-1.2.17/data/sandbox.bashrc 1970-01-01 01:00:00.000000000 +0100 -@@ -1,18 +0,0 @@ --# Copyright (C) 2001 Geert Bevin, Uwyn, http://www.uwyn.com --# Distributed under the terms of the GNU General Public License, v2 or later --# Author : Geert Bevin <gbevin@uwyn.com> --# $Header$ --source /etc/profile -- --if [[ -n ${LD_PRELOAD} && ${LD_PRELOAD} != *$SANDBOX_LIB* ]] ; then -- export LD_PRELOAD="${SANDBOX_LIB} ${LD_PRELOAD}" --elif [[ -z ${LD_PRELOAD} ]] ; then -- export LD_PRELOAD="${SANDBOX_LIB}" --fi -- --export BASH_ENV="${SANDBOX_BASHRC}" -- --alias make="make LD_PRELOAD=${LD_PRELOAD}" --alias su="su -c '/bin/bash -rcfile ${SANDBOX_BASHRC}'" -- --declare -r SANDBOX_ACTIVE -diff -ruN sandbox-1.2.17.orig/data/sandbox.bashrc.in sandbox-1.2.17/data/sandbox.bashrc.in ---- sandbox-1.2.17.orig/data/sandbox.bashrc.in 1970-01-01 01:00:00.000000000 +0100 -+++ sandbox-1.2.17/data/sandbox.bashrc.in 2006-07-27 16:13:40.000000000 +0200 -@@ -0,0 +1,17 @@ -+# Copyright (C) 2001 Geert Bevin, Uwyn, http://www.uwyn.com -+# Distributed under the terms of the GNU General Public License, v2 or later -+# Author : Geert Bevin <gbevin@uwyn.com> -+# $Header$ -+ -+if [[ -n ${LD_PRELOAD} && ${LD_PRELOAD} != *$SANDBOX_LIB* ]] ; then -+ export LD_PRELOAD="${SANDBOX_LIB} ${LD_PRELOAD}" -+elif [[ -z ${LD_PRELOAD} ]] ; then -+ export LD_PRELOAD="${SANDBOX_LIB}" -+fi -+ -+export BASH_ENV="${SANDBOX_BASHRC}" -+ -+alias make="make LD_PRELOAD=${LD_PRELOAD}" -+alias su="su -c '@CU_BASH@ -rcfile ${SANDBOX_PROFILE}'" -+ -+declare -r SANDBOX_ACTIVE -diff -ruN sandbox-1.2.17.orig/data/sandbox.profile.in sandbox-1.2.17/data/sandbox.profile.in ---- sandbox-1.2.17.orig/data/sandbox.profile.in 1970-01-01 01:00:00.000000000 +0100 -+++ sandbox-1.2.17/data/sandbox.profile.in 2006-07-27 16:12:05.000000000 +0200 -@@ -0,0 +1,7 @@ -+# Copyright (C) 2001 Michael Haubenwallner, Salomon Automation, http://www.salomon.at -+# Distributed under the terms of the GNU General Public License, v2 or later -+# Author : Michael Haubenwallner <michael.haubenwallner@salomon.at> -+# $Header$ -+ -+source @sysconfdir@/profile -+source "${SANDBOX_BASHRC}" -diff -ruN sandbox-1.2.17.orig/src/Makefile.am sandbox-1.2.17/src/Makefile.am ---- sandbox-1.2.17.orig/src/Makefile.am 2005-12-05 14:16:52.000000000 +0100 -+++ sandbox-1.2.17/src/Makefile.am 2006-07-27 16:12:05.000000000 +0200 -@@ -7,6 +7,7 @@ - -DPIC -fPIC -D_REENTRANT \ - -DLIBSANDBOX_PATH=\"$(libdir)\" \ - -DSANDBOX_BASHRC_PATH=\"$(pkgdatadir)\" \ -+ -DLOCALSTATEDIR=\"$(localstatedir)\" \ - -I$(top_srcdir) -Wall - - LOCAL_INCLUDES = $(top_srcdir)/localdecls.h -diff -ruN sandbox-1.2.17.orig/src/sandbox.c sandbox-1.2.17/src/sandbox.c ---- sandbox-1.2.17.orig/src/sandbox.c 2005-12-05 14:15:45.000000000 +0100 -+++ sandbox-1.2.17/src/sandbox.c 2006-07-27 16:12:05.000000000 +0200 -@@ -33,6 +33,7 @@ - char sandbox_debug_log[SB_PATH_MAX]; - char sandbox_lib[SB_PATH_MAX]; - char sandbox_rc[SB_PATH_MAX]; -+ char sandbox_profile[SB_PATH_MAX]; - char work_dir[SB_PATH_MAX]; - char var_tmp_dir[SB_PATH_MAX]; - char tmp_dir[SB_PATH_MAX]; -@@ -81,6 +82,9 @@ - /* Generate sandbox bashrc path */ - get_sandbox_rc(sandbox_info->sandbox_rc); - -+ /* Generate sandbox bashprofile path */ -+ get_sandbox_profile(sandbox_info->sandbox_profile); -+ - /* Generate sandbox log full path */ - get_sandbox_log(sandbox_info->sandbox_log); - if (1 == exists(sandbox_info->sandbox_log)) { -@@ -278,6 +282,7 @@ - unsetenv(ENV_SANDBOX_ON); - unsetenv(ENV_SANDBOX_LIB); - unsetenv(ENV_SANDBOX_BASHRC); -+ unsetenv(ENV_SANDBOX_PROFILE); - unsetenv(ENV_SANDBOX_LOG); - unsetenv(ENV_SANDBOX_DEBUG_LOG); - -@@ -322,6 +327,7 @@ - sandbox_setenv(new_environ, ENV_SANDBOX_ON, "1"); - sandbox_setenv(new_environ, ENV_SANDBOX_LIB, sandbox_info->sandbox_lib); - sandbox_setenv(new_environ, ENV_SANDBOX_BASHRC, sandbox_info->sandbox_rc); -+ sandbox_setenv(new_environ, ENV_SANDBOX_PROFILE, sandbox_info->sandbox_profile); - sandbox_setenv(new_environ, ENV_SANDBOX_LOG, sandbox_info->sandbox_log); - sandbox_setenv(new_environ, ENV_SANDBOX_DEBUG_LOG, - sandbox_info->sandbox_debug_log); -@@ -458,6 +464,11 @@ - exit(EXIT_FAILURE); - } - -+ if (0 >= exists(sandbox_info.sandbox_profile)) { -+ perror("sandbox: Could not open the sandbox profile file"); -+ exit(EXIT_FAILURE); -+ } -+ - /* set up the required environment variables */ - if (print_debug) - printf("Setting up the required environment variables.\n"); -@@ -476,7 +487,7 @@ - argv_bash = (char **)malloc(6 * sizeof(char *)); - argv_bash[0] = strdup("/bin/bash"); - argv_bash[1] = strdup("-rcfile"); -- argv_bash[2] = strdup(sandbox_info.sandbox_rc); -+ argv_bash[2] = strdup(sandbox_info.sandbox_profile); - - if (argc < 2) - argv_bash[3] = NULL; -diff -ruN sandbox-1.2.17.orig/src/sandbox.h sandbox-1.2.17/src/sandbox.h ---- sandbox-1.2.17.orig/src/sandbox.h 2005-12-05 14:23:13.000000000 +0100 -+++ sandbox-1.2.17/src/sandbox.h 2006-07-27 16:12:05.000000000 +0200 -@@ -17,10 +17,11 @@ - #define LD_PRELOAD_FILE "/etc/ld.so.preload" - #define LIB_NAME "libsandbox.so" - #define BASHRC_NAME "sandbox.bashrc" -+#define BASHPROFILE_NAME "sandbox.profile" - #define TMPDIR "/tmp" --#define VAR_TMPDIR "/var/tmp" --#define PORTAGE_TMPDIR "/var/tmp/portage" --#define SANDBOX_LOG_LOCATION "/var/log/sandbox" -+#define VAR_TMPDIR LOCALSTATEDIR "/tmp" -+#define PORTAGE_TMPDIR VAR_TMPDIR "/portage" -+#define SANDBOX_LOG_LOCATION LOCALSTATEDIR "/log/sandbox" - #define LOG_FILE_PREFIX "/sandbox-" - #define DEBUG_LOG_FILE_PREFIX "/sandbox-debug-" - #define LOG_FILE_EXT ".log" -@@ -38,6 +39,7 @@ - - #define ENV_SANDBOX_LIB "SANDBOX_LIB" - #define ENV_SANDBOX_BASHRC "SANDBOX_BASHRC" -+#define ENV_SANDBOX_PROFILE "SANDBOX_PROFILE" - #define ENV_SANDBOX_LOG "SANDBOX_LOG" - #define ENV_SANDBOX_DEBUG_LOG "SANDBOX_DEBUG_LOG" - -diff -ruN sandbox-1.2.17.orig/src/sandbox_utils.c sandbox-1.2.17/src/sandbox_utils.c ---- sandbox-1.2.17.orig/src/sandbox_utils.c 2005-12-05 09:36:32.000000000 +0100 -+++ sandbox-1.2.17/src/sandbox_utils.c 2006-07-27 16:12:05.000000000 +0200 -@@ -42,6 +42,11 @@ - snprintf(path, SB_PATH_MAX, "%s/%s", SANDBOX_BASHRC_PATH, BASHRC_NAME); - } - -+void get_sandbox_profile(char *path) -+{ -+ snprintf(path, SB_PATH_MAX, "%s/%s", SANDBOX_BASHRC_PATH, BASHPROFILE_NAME); -+} -+ - void get_sandbox_log(char *path) - { - char *sandbox_log_env = NULL; ---- sandbox-1.2.17/data/Makefile.am.orig 2006-07-27 16:25:09.000000000 +0200 -+++ sandbox-1.2.17/data/Makefile.am 2006-07-27 16:25:18.000000000 +0200 -@@ -1,3 +1 @@ --dist_pkgdata_DATA = sandbox.bashrc -- --EXTRA_DIST = sandbox.bashrc -+dist_pkgdata_DATA = sandbox.bashrc sandbox.profile -diff -ru sandbox-1.2.17.orig/configure.ac sandbox-1.2.17/configure.ac ---- sandbox-1.2.17.orig/configure.ac 2005-12-05 15:03:35.000000000 +0100 -+++ sandbox-1.2.17/configure.ac 2006-07-21 13:12:39.000000000 +0200 -@@ -10,6 +10,8 @@ - AC_PROG_MAKE_SET - AC_PROG_AWK - AC_CHECK_PROGS([READELF], [readelf], [false]) -+AC_PATH_PROGS([CU_BASH], [bash], [/bin/bash]) -+AC_DEFINE_UNQUOTED([CU_BASH], ["${CU_BASH}"], [path to bash binary]) - - AC_ENABLE_SHARED - AC_DISABLE_STATIC -diff -ru sandbox-1.2.17.orig/src/sandbox.c sandbox-1.2.17/src/sandbox.c ---- sandbox-1.2.17.orig/src/sandbox.c 2005-12-05 14:15:45.000000000 +0100 -+++ sandbox-1.2.17/src/sandbox.c 2006-07-21 13:15:29.000000000 +0200 -@@ -474,7 +474,7 @@ - chdir(sandbox_info.work_dir); - - argv_bash = (char **)malloc(6 * sizeof(char *)); -- argv_bash[0] = strdup("/bin/bash"); -+ argv_bash[0] = strdup(CU_BASH); - argv_bash[1] = strdup("-rcfile"); - argv_bash[2] = strdup(sandbox_info.sandbox_rc); - diff --git a/sys-apps/sandbox/files/sandbox-1.2.18.1-open-cloexec.patch b/sys-apps/sandbox/files/sandbox-1.2.18.1-open-cloexec.patch deleted file mode 100644 index 806f1a3a67..0000000000 --- a/sys-apps/sandbox/files/sandbox-1.2.18.1-open-cloexec.patch +++ /dev/null @@ -1,15 +0,0 @@ -http://bugs.gentoo.org/196720 - -mark the new "e" fopen() flag as safe - ---- sandbox-1.2.18.1/src/libsandbox.c -+++ sandbox-1.2.18.1/src/libsandbox.c -@@ -1595,7 +1595,7 @@ - { - if (*mode == 'r' && (0 == (strcmp(mode, "r")) || - /* The strspn accept args are known non-writable modifiers */ -- (strlen(++mode) == strspn(mode, "xbtmc")))) { -+ (strlen(++mode) == strspn(mode, "xbtmce")))) { - return before_syscall("open_rd", file); - } else { - return before_syscall("open_wr", file); diff --git a/sys-apps/sandbox/files/sandbox-1.2.18.1-open-normal-fail.patch b/sys-apps/sandbox/files/sandbox-1.2.18.1-open-normal-fail.patch deleted file mode 100644 index 49b57e41a1..0000000000 --- a/sys-apps/sandbox/files/sandbox-1.2.18.1-open-normal-fail.patch +++ /dev/null @@ -1,99 +0,0 @@ -Patch from Kevin F. Quinn at https://bugs.gentoo.org/show_bug.cgi?id=135745 -Already applied in sandbox svn - -Makes sandboxed open() calls return the normal error conditions if the -file in question does not exist, without causing a sandbox violation. -This allows programs to use open() to test for file existance, regardless -of read-write flags. This is not revealing any further information about -the backing system because this data was already available through stat(). - -Index: src/libsandbox.c -=================================================================== ---- src/libsandbox.c.orig -+++ src/libsandbox.c -@@ -80,6 +80,9 @@ - #define FUNCTION_SANDBOX_SAFE_ACCESS(_func, _path, _flags) \ - ((0 == is_sandbox_on()) || (1 == before_syscall_access(_func, _path, _flags))) - -+#define FUNCTION_SANDBOX_FAIL_OPEN_INT(_func, _path, _flags) \ -+ ((0 == is_sandbox_on()) || (1 == before_syscall_open_int(_func, _path, _flags))) -+ - #define FUNCTION_SANDBOX_SAFE_OPEN_INT(_func, _path, _flags) \ - ((0 == is_sandbox_on()) || (1 == before_syscall_open_int(_func, _path, _flags))) - -@@ -388,6 +391,16 @@ static FILE * (*true_ ## _name) (const c - FILE *_name(const char *pathname, const char *mode) \ - { \ - FILE *result = NULL; \ -+ int my_errno = errno; \ -+ struct stat st; \ -+\ -+ if (mode!=NULL && mode[0]=='r') { \ -+ /* If we're trying to read, fail normally if file does not stat */\ -+ if (-1 == stat(pathname, &st)) { \ -+ return NULL; \ -+ } \ -+ } \ -+ errno = my_errno; \ - \ - if FUNCTION_SANDBOX_SAFE_OPEN_CHAR("fopen", pathname, mode) { \ - check_dlsym(_name); \ -@@ -561,12 +574,20 @@ int _name(const char *pathname, int flag - va_list ap; \ - int mode = 0; \ - int result = -1; \ -+ int my_errno = errno; \ -+ struct stat st; \ - \ - if (flags & O_CREAT) { \ - va_start(ap, flags); \ - mode = va_arg(ap, int); \ - va_end(ap); \ -+ } else { \ -+ /* If we're not trying to create, fail normally if file does not stat */\ -+ if (-1 == stat(pathname, &st)) { \ -+ return -1; \ -+ } \ - } \ -+ errno = my_errno; \ - \ - if FUNCTION_SANDBOX_SAFE_OPEN_INT("open", pathname, flags) { \ - check_dlsym(_name); \ -@@ -726,6 +747,16 @@ static FILE * (*true_ ## _name) (const c - FILE *_name(const char *pathname, const char *mode) \ - { \ - FILE *result = NULL; \ -+ int my_errno = errno; \ -+ struct stat64 st; \ -+\ -+ if (mode!=NULL && mode[0]=='r') { \ -+ /* If we're trying to read, fail normally if file does not stat */\ -+ if (-1 == stat64(pathname, &st)) { \ -+ return NULL; \ -+ } \ -+ } \ -+ errno = my_errno; \ - \ - if FUNCTION_SANDBOX_SAFE_OPEN_CHAR("fopen64", pathname, mode) { \ - check_dlsym(_name); \ -@@ -746,12 +777,20 @@ int _name(const char *pathname, int flag - va_list ap; \ - int mode = 0; \ - int result = -1; \ -+ int my_errno = errno; \ -+ struct stat64 st; \ - \ - if (flags & O_CREAT) { \ - va_start(ap, flags); \ - mode = va_arg(ap, int); \ - va_end(ap); \ -+ } else { \ -+ /* If we're not trying to create, fail normally if file does not stat */\ -+ if (-1 == stat64(pathname, &st)) { \ -+ return -1; \ -+ } \ - } \ -+ errno = my_errno; \ - \ - if FUNCTION_SANDBOX_SAFE_OPEN_INT("open64", pathname, flags) { \ - check_dlsym(_name); \ diff --git a/sys-apps/sandbox/files/sandbox-1.2.18.1-rtld-validation.patch b/sys-apps/sandbox/files/sandbox-1.2.18.1-rtld-validation.patch deleted file mode 100644 index 36e96f5779..0000000000 --- a/sys-apps/sandbox/files/sandbox-1.2.18.1-rtld-validation.patch +++ /dev/null @@ -1,43 +0,0 @@ -From: Robin H. Johnson <robbat2@gentoo.org> -Gentoo-Bug: 206678 -X-Gentoo-URL: http://bugs.gentoo.org/show_bug.cgi?id=206678 -Signed-off-by: Robin H. Johnson <robbat2@gentoo.org> - -Based on a previous revision by solar@gentoo.org. -It seems that on hardened systems, USE_RTLD_NEXT is not always usable, and this -trips up sandbox. - -diff -Nuar sandbox-1.2.18.1.orig/src/libsandbox.c sandbox-1.2.18.1/src/libsandbox.c ---- sandbox-1.2.18.1.orig/src/libsandbox.c 2008-06-27 16:15:53.000000000 +0000 -+++ sandbox-1.2.18.1/src/libsandbox.c 2008-06-27 16:20:26.000000000 +0000 -@@ -192,18 +192,24 @@ - { - void *symaddr = NULL; - -- if (NULL == libc_handle) { --#if !defined(USE_RTLD_NEXT) -+#if defined(USE_RTLD_NEXT) -+ libc_handle = RTLD_NEXT; -+#endif -+ -+ /* Checking for -1UL is significent on hardened! -+ * USE_RTLD_NEXT returns it as a sign of being unusable. -+ * However using !x or NULL checks does NOT pick it up! -+ */ -+#define INVALID_LIBC_HANDLE(x) (!x || NULL == x || -1UL == x) -+ if (INVALID_LIBC_HANDLE(libc_handle)) { - libc_handle = dlopen(LIBC_VERSION, RTLD_LAZY); -- if (!libc_handle) { -+ if (INVALID_LIBC_HANDLE(libc_handle)) { - fprintf(stderr, "libsandbox: Can't dlopen libc: %s\n", - dlerror()); - exit(EXIT_FAILURE); - } --#else -- libc_handle = RTLD_NEXT; --#endif - } -+#undef INVALID_LIBC_HANDLE - - if (NULL == symver) - symaddr = dlsym(libc_handle, symname); diff --git a/sys-apps/sandbox/files/sandbox-1.2.20_alpha2-parallel.patch b/sys-apps/sandbox/files/sandbox-1.2.20_alpha2-parallel.patch deleted file mode 100644 index cbf769fc4e..0000000000 --- a/sys-apps/sandbox/files/sandbox-1.2.20_alpha2-parallel.patch +++ /dev/null @@ -1,12 +0,0 @@ -http://bugs.gentooorg/190051 - ---- libsandbox/Makefile.in -+++ libsandbox/Makefile.in -@@ -517,6 +517,7 @@ - - - libsandbox.c: libsandbox.map symbols.h -+wrappers.c: symbols.h - - libsandbox.map: $(SYMBOLS_FILE) $(GEN_VERSION_MAP_SCRIPT) - @echo "Generating $@"; \ diff --git a/sys-apps/sandbox/files/sandbox-1.6-disable-pthread.patch b/sys-apps/sandbox/files/sandbox-1.6-disable-pthread.patch deleted file mode 100644 index 490bc41c0e..0000000000 --- a/sys-apps/sandbox/files/sandbox-1.6-disable-pthread.patch +++ /dev/null @@ -1,37 +0,0 @@ -http://bugs.gentoo.org/263657 - -disable pthread locks ... this is how stable has always worked, so there -wont be any regressions ... - -diff --git a/libsandbox/libsandbox.c b/libsandbox/libsandbox.c -index 034d0e7..595d17f 100644 ---- a/libsandbox/libsandbox.c -+++ b/libsandbox/libsandbox.c -@@ -814,9 +814,6 @@ - return result; - } - --/* Need to protect the global sbcontext structure */ --static pthread_mutex_t sb_syscall_lock = PTHREAD_MUTEX_INITIALIZER; -- - bool before_syscall(int dirfd, int sb_nr, const char *func, const char *file, int flags) - { - int old_errno = errno; -@@ -843,8 +840,6 @@ - file = at_file_buf; - } - -- pthread_mutex_lock(&sb_syscall_lock); -- - if (!sb_init) { - init_context(&sbcontext); - sb_init = true; -@@ -885,8 +880,6 @@ - - result = check_syscall(&sbcontext, sb_nr, func, file, flags); - -- pthread_mutex_unlock(&sb_syscall_lock); -- - if (0 == result) { - if ((NULL != getenv(ENV_SANDBOX_PID)) && (is_env_on(ENV_SANDBOX_ABORT))) - diff --git a/sys-apps/sandbox/files/sandbox-1.6-disable-qa-static.patch b/sys-apps/sandbox/files/sandbox-1.6-disable-qa-static.patch deleted file mode 100644 index 754ef01968..0000000000 --- a/sys-apps/sandbox/files/sandbox-1.6-disable-qa-static.patch +++ /dev/null @@ -1,13 +0,0 @@ -sandbox-1.7 traces static apps so disable the qa notice as it just scares -users ... dont want scary stuff in stable! - ---- libsandbox/wrapper-funcs/__wrapper_exec.c -+++ libsandbox/wrapper-funcs/__wrapper_exec.c -@@ -221,7 +221,6 @@ - if (!FUNCTION_SANDBOX_SAFE(path)) - return result; - -- sb_check_exec(path, argv); - } - #endif - diff --git a/sys-apps/sandbox/files/sandbox-1.9-setoptions.patch b/sys-apps/sandbox/files/sandbox-1.9-setoptions.patch deleted file mode 100644 index 34e8722697..0000000000 --- a/sys-apps/sandbox/files/sandbox-1.9-setoptions.patch +++ /dev/null @@ -1,15 +0,0 @@ - Fix undefined PTRACE_SETOPTIONS error, patch by grobian - -diff --git a/libsandbox/trace.c b/libsandbox/trace.c -index 7c5ec17..eaf520f 100644 ---- a/libsandbox/trace.c -+++ b/libsandbox/trace.c -@@ -425,7 +425,7 @@ void trace_main(const char *filename, char *const argv[]) - SB_DEBUG("parent waiting for child (pid=%i) to signal", trace_pid); - while (!child_stopped) - sched_yield(); --#ifdef PTRACE_O_TRACESYSGOOD -+#if defined(PTRACE_O_TRACESYSGOOD) && defined(PTRACE_SETOPTIONS) - /* Not all kernel versions support this, so ignore return */ - ptrace(PTRACE_SETOPTIONS, trace_pid, NULL, (void *)PTRACE_O_TRACESYSGOOD); - #endif diff --git a/sys-apps/sandbox/files/sandbox-2.0-prefix.patch b/sys-apps/sandbox/files/sandbox-2.0-prefix.patch deleted file mode 100644 index 5e32912f6b..0000000000 --- a/sys-apps/sandbox/files/sandbox-2.0-prefix.patch +++ /dev/null @@ -1,37 +0,0 @@ -* heiko's way of getting this thing going -http://repo.or.cz/w/heikos-i-prolly-break-your-prefix-overlay.git?a=blob;f=sys-apps/sandbox/files/sandbox-2.0-prefix.patch;h=7b4f568679522682ba784853829a0f2b1272b21d;hb=HEAD - -diff --git a/libsbutil/get_sandbox_lib.c b/libsbutil/get_sandbox_lib.c -index b64a5ac..1cf4832 100644 ---- a/libsbutil/get_sandbox_lib.c -+++ b/libsbutil/get_sandbox_lib.c -@@ -22,6 +22,7 @@ - void get_sandbox_lib(char *path) - { - save_errno(); -+#ifndef GENTOO_PREFIX - strcpy(path, LIB_NAME); - if (strncmp("/usr/lib", LIBSANDBOX_PATH, 8)) { - void *hndl = dlopen(path, RTLD_LAZY); -@@ -30,5 +31,10 @@ void get_sandbox_lib(char *path) - else - dlclose(hndl); - } -+#else -+ /* Gentoo Prefix always needs the absolute path due to DT_R*PATH usage -+ * within dlopen(). */ -+ snprintf(path, SB_PATH_MAX, "%s/%s", LIBSANDBOX_PATH, LIB_NAME); -+#endif - restore_errno(); - } ---- a/etc/sandbox.d/00default.orig 2009-06-22 14:10:30.000000000 +0200 -+++ a/etc/sandbox.d/00default 2009-06-22 14:11:41.000000000 +0200 -@@ -14,7 +14,7 @@ - # Finally add current directory if interactive - SANDBOX_WRITE="${SANDBOX_WORKDIR}" - # Needed for configure tests --SANDBOX_WRITE="/usr/tmp/conftest:/usr/lib/conftest:/usr/lib32/conftest:/usr/lib64/conftest:/usr/tmp/cf:/usr/lib/cf:/usr/lib32/cf:/usr/lib64/cf" -+SANDBOX_WRITE="@GENTOO_PORTAGE_EPREFIX@/usr/tmp/conftest:@GENTOO_PORTAGE_EPREFIX@/usr/lib/conftest:@GENTOO_PORTAGE_EPREFIX@/usr/lib32/conftest:@GENTOO_PORTAGE_EPREFIX@/usr/lib64/conftest:@GENTOO_PORTAGE_EPREFIX@/usr/tmp/cf:@GENTOO_PORTAGE_EPREFIX@/usr/lib/cf:@GENTOO_PORTAGE_EPREFIX@/usr/lib32/cf:@GENTOO_PORTAGE_EPREFIX@/usr/lib64/cf" - - # Usually writes in /home should not cause violations - SANDBOX_PREDICT="${HOME}" diff --git a/sys-apps/sandbox/files/sandbox-2.0-setoptions.patch b/sys-apps/sandbox/files/sandbox-2.0-setoptions.patch deleted file mode 100644 index 9430dbb9e8..0000000000 --- a/sys-apps/sandbox/files/sandbox-2.0-setoptions.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- libsandbox/trace.c.old 2009-06-30 10:11:40.000000000 -0500 -+++ libsandbox/trace.c 2009-06-30 10:11:58.000000000 -0500 -@@ -476,7 +476,7 @@ - } else if (trace_pid) { - SB_DEBUG("parent waiting for child (pid=%i) to signal", trace_pid); - waitpid(trace_pid, NULL, 0); --#ifdef PTRACE_O_TRACESYSGOOD -+#if defined(PTRACE_SETOPTIONS) && defined(PTRACE_O_TRACESYSGOOD) - /* Not all kernel versions support this, so ignore return */ - ptrace(PTRACE_SETOPTIONS, trace_pid, NULL, (void *)PTRACE_O_TRACESYSGOOD); - #endif diff --git a/sys-apps/sandbox/files/sandbox-2.2-prefix.patch b/sys-apps/sandbox/files/sandbox-2.2-prefix.patch deleted file mode 100644 index 0cd5f3fbf1..0000000000 --- a/sys-apps/sandbox/files/sandbox-2.2-prefix.patch +++ /dev/null @@ -1,26 +0,0 @@ -* heiko's way of getting this thing going -http://repo.or.cz/w/heikos-i-prolly-break-your-prefix-overlay.git?a=blob;f=sys-apps/sandbox/files/sandbox-2.0-prefix.patch;h=7b4f568679522682ba784853829a0f2b1272b21d;hb=HEAD - -diff --git a/libsbutil/get_sandbox_lib.c b/libsbutil/get_sandbox_lib.c -index b64a5ac..1cf4832 100644 ---- a/libsbutil/get_sandbox_lib.c -+++ b/libsbutil/get_sandbox_lib.c -@@ -22,6 +22,7 @@ - void get_sandbox_lib(char *path) - { - save_errno(); -+#ifndef GENTOO_PREFIX - strcpy(path, LIB_NAME); - if (strncmp("/usr/lib", LIBSANDBOX_PATH, 8)) { - void *hndl = dlopen(path, RTLD_LAZY); -@@ -30,5 +31,10 @@ void get_sandbox_lib(char *path) - else - dlclose(hndl); - } -+#else -+ /* Gentoo Prefix always needs the absolute path due to DT_R*PATH usage -+ * within dlopen(). */ -+ snprintf(path, SB_PATH_MAX, "%s/%s", LIBSANDBOX_PATH, LIB_NAME); -+#endif - restore_errno(); - } diff --git a/sys-apps/sandbox/files/sandbox-2.6-trace-hppa.patch b/sys-apps/sandbox/files/sandbox-2.6-trace-hppa.patch deleted file mode 100644 index 7e73822865..0000000000 --- a/sys-apps/sandbox/files/sandbox-2.6-trace-hppa.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 7b01f6103a9baddaf0252e7f850a4cef91a48b67 Mon Sep 17 00:00:00 2001 -From: Mike Frysinger <vapier@gentoo.org> -Date: Fri, 6 Jul 2012 14:58:16 -0400 -Subject: [PATCH] libsandbox: fix hppa trace code - -URL: https://bugs.gentoo.org/425062 -Reported-by: Jeroen Roovers <jer@gentoo.org> -Signed-off-by: Mike Frysinger <vapier@gentoo.org> ---- - libsandbox/trace/linux/hppa.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/libsandbox/trace/linux/hppa.c b/libsandbox/trace/linux/hppa.c -index d23b0d1..5414354 100644 ---- a/libsandbox/trace/linux/hppa.c -+++ b/libsandbox/trace/linux/hppa.c -@@ -1,5 +1,5 @@ --#define trace_reg_sysnum (20 * 4) /* PT_GR20 */ --#define trace_reg_ret (28 * 4) /* PT_GR28 */ -+#define trace_reg_sysnum gr[20] -+#define trace_reg_ret gr[28] - - static unsigned long trace_arg(void *vregs, int num) - { --- -1.7.9.7 - diff --git a/sys-apps/sandbox/metadata.xml b/sys-apps/sandbox/metadata.xml deleted file mode 100644 index ebbf8300de..0000000000 --- a/sys-apps/sandbox/metadata.xml +++ /dev/null @@ -1,11 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> -<pkgmetadata> - -<!-- portage lacks a herd. correct this when we have one. --> - -<maintainer type="project"> - <email>sandbox@gentoo.org</email> - <description>Sandbox Maintainers</description> -</maintainer> -</pkgmetadata> diff --git a/sys-apps/sandbox/sandbox-1.6-r2.ebuild b/sys-apps/sandbox/sandbox-1.6-r2.ebuild deleted file mode 100644 index cdf0643ff5..0000000000 --- a/sys-apps/sandbox/sandbox-1.6-r2.ebuild +++ /dev/null @@ -1,104 +0,0 @@ -# Copyright 1999-2017 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-apps/sandbox/sandbox-1.6-r2.ebuild,v 1.17 2012/03/30 15:58:53 aballier Exp $ - -# -# don't monkey with this ebuild unless contacting portage devs. -# period. -# - -inherit eutils flag-o-matic toolchain-funcs multilib unpacker - -DESCRIPTION="sandbox'd LD_PRELOAD hack" -HOMEPAGE="http://www.gentoo.org/" -SRC_URI="mirror://gentoo/${P}.tar.lzma - http://dev.gentoo.org/~vapier/dist/${P}.tar.lzma" - -LICENSE="GPL-2" -SLOT="0" -KEYWORDS="~amd64-linux ~x86-linux" -IUSE="" - -DEPEND="app-arch/xz-utils - >=app-misc/pax-utils-0.1.19" #265376 -RDEPEND="" - -EMULTILIB_PKG="true" -has sandbox_death_notice ${EBUILD_DEATH_HOOKS} || EBUILD_DEATH_HOOKS="${EBUILD_DEATH_HOOKS} sandbox_death_notice" - -sandbox_death_notice() { - ewarn "If configure failed with a 'cannot run C compiled programs' error, try this:" - ewarn "FEATURES=-sandbox emerge sandbox" -} - -src_unpack() { - unpacker_src_unpack - cd "${S}" - epatch "${FILESDIR}"/${P}-disable-qa-static.patch - epatch "${FILESDIR}"/${P}-disable-pthread.patch - epatch "${FILESDIR}"/0001-libsandbox-handle-more-at-functions.patch -} - -src_compile() { - filter-lfs-flags #90228 - - local OABI=${ABI} - for ABI in $(get_install_abis) ; do - mkdir "${WORKDIR}/build-${ABI}" - cd "${WORKDIR}/build-${ABI}" - - multilib_toolchain_setup ${ABI} - - einfo "Configuring sandbox for ABI=${ABI}..." - ECONF_SOURCE="../${P}/" \ - econf ${myconf} || die - einfo "Building sandbox for ABI=${ABI}..." - emake || die - done - ABI=${OABI} -} - -src_test() { - local OABI=${ABI} - for ABI in $(get_install_abis) ; do - cd "${WORKDIR}/build-${ABI}" - einfo "Checking sandbox for ABI=${ABI}..." - emake check || die "make check failed for ${ABI}" - done - ABI=${OABI} -} - -src_install() { - local OABI=${ABI} - for ABI in $(get_install_abis) ; do - cd "${WORKDIR}/build-${ABI}" - einfo "Installing sandbox for ABI=${ABI}..." - emake DESTDIR="${D}" install || die "make install failed for ${ABI}" - done - ABI=${OABI} - - doenvd "${FILESDIR}"/09sandbox - - keepdir /var/log/sandbox - use prefix || fowners root:portage /var/log/sandbox - fperms 0770 /var/log/sandbox - - cd "${S}" - dodoc AUTHORS ChangeLog* NEWS README -} - -pkg_preinst() { - use prefix || chown root:portage "${ED}"/var/log/sandbox - chmod 0770 "${ED}"/var/log/sandbox - - local old=$(find "${EROOT}"/lib* -maxdepth 1 -name 'libsandbox*') - if [[ -n ${old} ]] ; then - elog "Removing old sandbox libraries for you:" - elog ${old//${EROOT}} - find "${EROOT}"/lib* -maxdepth 1 -name 'libsandbox*' -exec rm -fv {} \; - fi -} - -pkg_postinst() { - chmod 0755 "${EROOT}"/etc/sandbox.d #265376 -} diff --git a/sys-apps/sandbox/sandbox-2.5.ebuild b/sys-apps/sandbox/sandbox-2.5.ebuild deleted file mode 100644 index 6f4b7035a9..0000000000 --- a/sys-apps/sandbox/sandbox-2.5.ebuild +++ /dev/null @@ -1,126 +0,0 @@ -# Copyright 1999-2017 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-apps/sandbox/sandbox-2.5.ebuild,v 1.10 2012/06/24 05:35:02 vapier Exp $ - -# -# don't monkey with this ebuild unless contacting portage devs. -# period. -# - -inherit eutils flag-o-matic toolchain-funcs multilib unpacker multiprocessing prefix - -DESCRIPTION="sandbox'd LD_PRELOAD hack" -HOMEPAGE="http://www.gentoo.org/" -SRC_URI="mirror://gentoo/${P}.tar.xz - http://dev.gentoo.org/~vapier/dist/${P}.tar.xz" - -LICENSE="GPL-2" -SLOT="0" -KEYWORDS="~amd64-linux ~x86-linux" -IUSE="multilib" - -DEPEND="app-arch/xz-utils - >=app-misc/pax-utils-0.1.19" #265376 -RDEPEND="" - -EMULTILIB_PKG="true" -has sandbox_death_notice ${EBUILD_DEATH_HOOKS} || EBUILD_DEATH_HOOKS="${EBUILD_DEATH_HOOKS} sandbox_death_notice" - -sandbox_death_notice() { - ewarn "If configure failed with a 'cannot run C compiled programs' error, try this:" - ewarn "FEATURES=-sandbox emerge sandbox" -} - -sb_get_install_abis() { use multilib && get_install_abis || echo ${ABI:-default} ; } - -src_unpack() { - unpacker_src_unpack - cd "${S}" - epatch "${FILESDIR}"/${PN}-2.2-prefix.patch -} - -sb_foreach_abi() { - # enable usage of absolute libpath in prefix - use prefix && append-flags -DGENTOO_PREFIX - - local OABI=${ABI} - for ABI in $(sb_get_install_abis) ; do - cd "${WORKDIR}/build-${ABI}" - einfo "Running $1 for ABI=${ABI}..." - "$@" - done - ABI=${OABI} -} - -sb_configure() { - mkdir "${WORKDIR}/build-${ABI}" - cd "${WORKDIR}/build-${ABI}" - - use multilib && multilib_toolchain_setup ${ABI} - - einfo "Configuring sandbox for ABI=${ABI}..." - ECONF_SOURCE="../${P}/" \ - econf ${myconf} || die -} - -sb_compile() { - emake || die -} - -src_compile() { - filter-lfs-flags #90228 - - # Run configures in parallel! - multijob_init - local OABI=${ABI} - for ABI in $(sb_get_install_abis) ; do - multijob_child_init sb_configure - done - ABI=${OABI} - multijob_finish - - sb_foreach_abi sb_compile -} - -sb_test() { - emake check TESTSUITEFLAGS="--jobs=$(makeopts_jobs)" || die -} - -src_test() { - sb_foreach_abi sb_test -} - -sb_install() { - emake DESTDIR="${D}" install || die - insinto /etc/sandbox.d #333131 - doins etc/sandbox.d/00default || die -} - -src_install() { - sb_foreach_abi sb_install - - doenvd "${FILESDIR}"/09sandbox - - keepdir /var/log/sandbox - use prefix || fowners root:portage /var/log/sandbox - fperms 0770 /var/log/sandbox - - cd "${S}" - dodoc AUTHORS ChangeLog* NEWS README -} - -pkg_preinst() { - use prefix || chown root:portage "${ED}"/var/log/sandbox - chmod 0770 "${ED}"/var/log/sandbox - - local old=$(find "${EROOT}"/lib* -maxdepth 1 -name 'libsandbox*') - if [[ -n ${old} ]] ; then - elog "Removing old sandbox libraries for you:" - elog ${old//${EROOT}} - find "${EROOT}"/lib* -maxdepth 1 -name 'libsandbox*' -exec rm -fv {} \; - fi -} - -pkg_postinst() { - chmod 0755 "${EROOT}"/etc/sandbox.d #265376 -} diff --git a/sys-apps/sandbox/sandbox-2.6.ebuild b/sys-apps/sandbox/sandbox-2.6.ebuild deleted file mode 100644 index 641076f31c..0000000000 --- a/sys-apps/sandbox/sandbox-2.6.ebuild +++ /dev/null @@ -1,132 +0,0 @@ -# Copyright 1999-2017 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-apps/sandbox/sandbox-2.6.ebuild,v 1.2 2012/07/06 19:53:10 vapier Exp $ - -# -# don't monkey with this ebuild unless contacting portage devs. -# period. -# - -inherit eutils flag-o-matic toolchain-funcs multilib unpacker multiprocessing prefix - -DESCRIPTION="sandbox'd LD_PRELOAD hack" -HOMEPAGE="http://www.gentoo.org/" -SRC_URI="mirror://gentoo/${P}.tar.xz - http://dev.gentoo.org/~vapier/dist/${P}.tar.xz" - -LICENSE="GPL-2" -SLOT="0" -KEYWORDS="~amd64-linux ~x86-linux" -IUSE="multilib" - -DEPEND="app-arch/xz-utils - >=app-misc/pax-utils-0.1.19" #265376 -RDEPEND="" - -EMULTILIB_PKG="true" -has sandbox_death_notice ${EBUILD_DEATH_HOOKS} || EBUILD_DEATH_HOOKS="${EBUILD_DEATH_HOOKS} sandbox_death_notice" - -sandbox_death_notice() { - ewarn "If configure failed with a 'cannot run C compiled programs' error, try this:" - ewarn "FEATURES=-sandbox emerge sandbox" -} - -sb_get_install_abis() { use multilib && get_install_abis || echo ${ABI:-default} ; } - -src_unpack() { - unpacker_src_unpack - cd "${S}" - epatch "${FILESDIR}"/${PN}-2.2-prefix.patch -} - -sb_foreach_abi() { - # enable usage of absolute libpath in prefix - use prefix && append-flags -DGENTOO_PREFIX - - local OABI=${ABI} - for ABI in $(sb_get_install_abis) ; do - cd "${WORKDIR}/build-${ABI}" - einfo "Running $1 for ABI=${ABI}..." - "$@" - done - ABI=${OABI} -} - -src_unpack() { - unpacker - cd "${S}" - epatch "${FILESDIR}"/${P}-trace-hppa.patch #425062 -} - -sb_configure() { - mkdir "${WORKDIR}/build-${ABI}" - cd "${WORKDIR}/build-${ABI}" - - use multilib && multilib_toolchain_setup ${ABI} - - einfo "Configuring sandbox for ABI=${ABI}..." - ECONF_SOURCE="../${P}/" \ - econf ${myconf} || die -} - -sb_compile() { - emake || die -} - -src_compile() { - filter-lfs-flags #90228 - - # Run configures in parallel! - multijob_init - local OABI=${ABI} - for ABI in $(sb_get_install_abis) ; do - multijob_child_init sb_configure - done - ABI=${OABI} - multijob_finish - - sb_foreach_abi sb_compile -} - -sb_test() { - emake check TESTSUITEFLAGS="--jobs=$(makeopts_jobs)" || die -} - -src_test() { - sb_foreach_abi sb_test -} - -sb_install() { - emake DESTDIR="${D}" install || die - insinto /etc/sandbox.d #333131 - doins etc/sandbox.d/00default || die -} - -src_install() { - sb_foreach_abi sb_install - - doenvd "${FILESDIR}"/09sandbox - - keepdir /var/log/sandbox - use prefix || fowners root:portage /var/log/sandbox - fperms 0770 /var/log/sandbox - - cd "${S}" - dodoc AUTHORS ChangeLog* NEWS README -} - -pkg_preinst() { - use prefix || chown root:portage "${ED}"/var/log/sandbox - chmod 0770 "${ED}"/var/log/sandbox - - local old=$(find "${EROOT}"/lib* -maxdepth 1 -name 'libsandbox*') - if [[ -n ${old} ]] ; then - elog "Removing old sandbox libraries for you:" - elog ${old//${EROOT}} - find "${EROOT}"/lib* -maxdepth 1 -name 'libsandbox*' -exec rm -fv {} \; - fi -} - -pkg_postinst() { - chmod 0755 "${EROOT}"/etc/sandbox.d #265376 -} |