From: Geert Bevin
To: gentoo-dev@gentoo.org
Date: 06 Dec 2001 05:18:41 +0100
Message-Id: <1007612321.8135.6.camel@gentoo.theleaf.office>
Subject: [gentoo-dev] emerge system through sandbox

Hi,

I performed an entire 'emerge system' on a freshly installed machine with the sandbox installed beforehand. This made it possible to check all system packages for accidental writes outside the allowed dirs.

Below is the list of packages that failed and the details:

fileutils
    mkdir: /usr/tmp/cf19190
    mkdir: /usr/lib/cf19190
findutils
    mkdir: /var/spool/locate
gpm
    mkdir: /etc/gpm
ncurses
    open_wr: /usr/tmp/conftest9012345
    open_wr: /usr/tmp/conftest9012346
patch
    open_wr: /usr/tmp/conftest9012345
    open_wr: /usr/tmp/conftest9012346
pwdb
    open_wr: /usr/portage/sys-libs/pwdb/files/.
sh-utils
    mkdir: /usr/tmp/cf8115
    mkdir: /usr/lib/cf8115
tar
    open_wr: /usr/tmp/conftest9012345
    open_wr: /usr/tmp/conftest9012346
textutils
    mkdir: /usr/tmp/cf27156
    mkdir: /usr/lib/cf27156

Out of this I conclude that it might be a good idea to open up '/usr/tmp' for writing too. Anyway, it's linked to /var/tmp and normally the dirs that are created in /usr/tmp by these packages are deleted immediately afterwards.

I'm currently building an entire gnome desktop through the sandbox. There's already one problem which I've discussed with Hallski. Quite some packages need to write to '/var/log/scrollkeeper.log' during their installation. Hallski is going to investigate how this could be helped, but in the meantime I've opened up my local sandbox for this file temporarily.

Best regards,

Geert

--
Geert Bevin                       the Leaf sprl/bvba
"Use what you need"               Pierre Theunisstraat 1/47
http://www.theleaf.be             1030 Brussels
gbevin@theleaf.be                 Tel & Fax +32 2 241 19 98
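Added example, not part of the original message and not the sandbox's own code: it replays the violations listed in the report against a proposed extra writable prefix and shows which packages would still fail if '/usr/tmp' were opened. The `under` and `remaining` helpers and the one-line-per-violation input format are assumptions made for this illustration.

```python
import posixpath
from collections import defaultdict

# Violations copied from the report above, rewritten as "package operation path".
REPORT = """\
fileutils mkdir /usr/tmp/cf19190
fileutils mkdir /usr/lib/cf19190
findutils mkdir /var/spool/locate
gpm mkdir /etc/gpm
ncurses open_wr /usr/tmp/conftest9012345
ncurses open_wr /usr/tmp/conftest9012346
patch open_wr /usr/tmp/conftest9012345
patch open_wr /usr/tmp/conftest9012346
pwdb open_wr /usr/portage/sys-libs/pwdb/files/.
sh-utils mkdir /usr/tmp/cf8115
sh-utils mkdir /usr/lib/cf8115
tar open_wr /usr/tmp/conftest9012345
tar open_wr /usr/tmp/conftest9012346
textutils mkdir /usr/tmp/cf27156
textutils mkdir /usr/lib/cf27156
"""

def under(path, prefix):
    """True if path is prefix itself or lies below it, compared per component.

    The comparison is lexical only: '..' is collapsed, symlinks are not resolved.
    """
    path, prefix = posixpath.normpath(path), posixpath.normpath(prefix)
    return path == prefix or path.startswith(prefix.rstrip("/") + "/")

def remaining(report, extra_prefixes):
    """Return {package: [(operation, path), ...]} for violations not covered."""
    left = defaultdict(list)
    for line in report.splitlines():
        pkg, op, path = line.split(None, 2)
        if not any(under(path, p) for p in extra_prefixes):
            left[pkg].append((op, path))
    return dict(left)

if __name__ == "__main__":
    for pkg, items in sorted(remaining(REPORT, ["/usr/tmp"]).items()):
        for op, path in items:
            print(f"{pkg}: {op}: {path}")
```

With '/usr/tmp' added, ncurses, patch and tar no longer appear, while fileutils, sh-utils and textutils still fail on their '/usr/lib/cf*' directories.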