From: "Ulrich Müller"
To: gentoo-commits@lists.gentoo.org
Reply-To: gentoo-dev@lists.gentoo.org, "Ulrich Müller"
Message-ID: <1703423152.aecb51e70f8546fd7f55144f9035ca982ab6fae1.ulm@gentoo>
Subject: [gentoo-commits] proj/pms:master commit in: /
X-VCS-Repository: proj/pms
X-VCS-Files: pkg-mgr-commands.tex
X-VCS-Directories: /
X-VCS-Committer: ulm
X-VCS-Committer-Name: Ulrich Müller
X-VCS-Revision: aecb51e70f8546fd7f55144f9035ca982ab6fae1
X-VCS-Branch: master
Date: Thu, 28 Dec 2023 08:00:48 +0000 (UTC)
List-Id: Gentoo Linux mail
Message-ID: <20231228080048.93sNRUCOHoHjJnq6mi_udPKNktwpRO7BbYr2KtRRkiA@z>

commit: aecb51e70f8546fd7f55144f9035ca982ab6fae1
Author: Ulrich Müller gentoo org>
AuthorDate: Sun Dec 24 13:05:52 2023 +0000
Commit: Ulrich Müller gentoo org>
CommitDate: Sun Dec 24 13:05:52 2023 +0000
URL: https://gitweb.gentoo.org/proj/pms.git/commit/?id=aecb51e7

pkg-mgr-commands.tex: Sandbox commands accept any file

The sandbox commands addread, addwrite, addpredict and adddeny can accept not only directories, but also other files like regular files or device nodes.

This behaviour is supported by all three package managers. Also, the sandbox's default configuration relies on it (e.g. "/dev/null" and "${HOME}/.bash_history" in /etc/sandbox.conf), and it is widely used in the Gentoo repository.

Signed-off-by: Ulrich Müller gentoo.org>

pkg-mgr-commands.tex | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/pkg-mgr-commands.tex b/pkg-mgr-commands.tex index b6113f6..2202b64 100644 --- a/pkg-mgr-commands.tex +++ b/pkg-mgr-commands.tex 
@@ -89,14 +89,14 @@ called, the package manager must abort the build process indicating an error. \end{centertable} \subsection{Sandbox commands} -These commands affect the behaviour of the sandbox. Each command takes a single directory as -argument. Ebuilds must not run any of these commands once the current phase function has returned. +These commands affect the behaviour of the sandbox. Each command takes a single path as argument. +Ebuilds must not run any of these commands once the current phase function has returned. \begin{description} -\item[addread] Add a directory to the permitted read list. -\item[addwrite] Add a directory to the permitted write list. -\item[addpredict] Add a directory to the predict list. Any write to a location in this list will be +\item[addread] Add a path to the permitted read list. +\item[addwrite] Add a path to the permitted write list. +\item[addpredict] Add a path to the predict list. Any write to a location in this list will be denied, but will not trigger access violation messages or abort the build process. -\item[adddeny] Add a directory to the deny list. +\item[adddeny] Add a path to the deny list. \end{description} \subsection{Package manager query commands}
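
Review bot: In the description items, "path" now replaces "directory" without saying how a list entry is matched, while the addpredict item still refers to "a location in this list". With the old wording a reader could infer that an entry covers what lies beneath the directory; with "path" it is no longer stated whether a directory entry applies to its whole subtree and whether a regular file or device node entry applies only to that one file. Because addread and addwrite widen what the sandbox permits, an ebuild author or package manager implementer reading only this text cannot tell how far a single call reaches. Suggest adding one sentence after "Each command takes a single path as argument." that states the intended matching rule for directories versus other files, and, if the specification wants to constrain it, whether the path must be absolute and how a symbolic link argument is treated.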