From: Zac Medico Date: Fri, 28 Dec 2007 23:15:55 +0000 (-0000) Subject: Bug #202697 - Add / to the default initial SANDBOX_READ in order to X-Git-Tag: v2.1.4~43 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=09c6ebbd7655b6dd63b35a449330f6b43ec65e5f;p=portage.git Bug #202697 - Add / to the default initial SANDBOX_READ in order to avoid a situation where attempts to read arbitrary files trigger sandbox violations. (trunk r9085) svn path=/main/branches/2.1.2/; revision=9086
---
diff --git a/bin/ebuild.sh b/bin/ebuild.sh
index d65ff69e9..51b0b5f2f 100755
--- a/bin/ebuild.sh
+++ b/bin/ebuild.sh
@@ -9,7 +9,7 @@ PORTAGE_PYM_PATH="${PORTAGE_PYM_PATH:-/usr/lib/portage/pym}"
 SANDBOX_PREDICT="${SANDBOX_PREDICT}:/proc/self/maps:/dev/console:/dev/random"
 export SANDBOX_PREDICT="${SANDBOX_PREDICT}:${PORTAGE_PYM_PATH}:${PORTAGE_DEPCACHEDIR}"
 export SANDBOX_WRITE="${SANDBOX_WRITE}:/dev/shm:/dev/stdout:/dev/stderr:${PORTAGE_TMPDIR}"
-export SANDBOX_READ="${SANDBOX_READ}:/dev/shm:/dev/stdin:${PORTAGE_TMPDIR}"
+export SANDBOX_READ="${SANDBOX_READ}:/:/dev/shm:/dev/stdin:${PORTAGE_TMPDIR}"
 # Don't use sandbox's BASH_ENV for new shells because it does
 # 'source /etc/profile' which can interfere with the build
 # environment by modifying our PATH.
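Review bot: With `/` in the default list on the changed `export SANDBOX_READ=` line, the read list no longer restricts anything: every path is read-permitted, and the `/dev/shm:/dev/stdin:${PORTAGE_TMPDIR}` entries after it become redundant. The commit message states this as the intent, but it also means build-time code can read any file the build user's permissions allow. The confinement left by default is therefore SANDBOX_WRITE plus ordinary file permissions, which presumably matters to anyone who treated the read list as protection for keys or credentials on the build host. A comment above the line would record that this is deliberate, for example `# Bug #202697: "/" permits reads everywhere; only writes are confined by the sandbox.` The variable setup this line belongs to starts and continues outside the hunk.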