Unconditionally filter some of the SANDBOX_* variables from the

environment in order to avoid potential interference problems.
For example, having an invalid value for SANDBOX_LOG prevents
the sandbox from killing the ebuild when a violation occurs.

svn path=/main/trunk/; revision=8636

diff --git a/bin/ebuild.sh b/bin/ebuild.sh
index 6d38e57b473425f767f825aaf2dcd87bca9125bf..ab663d02832f48f4d414ed5dc6ee2a612a5d848f 100755 (executable)
--- a/bin/ebuild.sh
+++ b/bin/ebuild.sh
@@ -1384,10 +1384,16 @@ filter_readonly_variables() {
        local x filtered_vars var_grep
        local readonly_bash_vars="DIRSTACK EUID FUNCNAME GROUPS
                PIPESTATUS PPID SHELLOPTS UID"
+       local filtered_sandbox_vars="SANDBOX_ACTIVE SANDBOX_BASHRC
+               SANDBOX_DEBUG_LOG SANDBOX_DISABLED SANDBOX_LIB
+               SANDBOX_LOG"
        filtered_vars="${readonly_bash_vars} ${READONLY_PORTAGE_VARS}
                BASH_[_[:alnum:]]*"
-       hasq --filter-sandbox $* && \
+       if hasq --filter-sandbox $* ; then
                filtered_vars="${filtered_vars} SANDBOX_[_[:alnum:]]*"
+       else
+               filtered_vars="${filtered_vars} ${filtered_sandbox_vars}"
+       fi
        set -f
        for x in ${filtered_vars} ; do
                var_grep="${var_grep}|${x}"