To: gentoo-dev@lists.gentoo.org
From: Duncan <1i5t5.duncan@cox.net>
Subject: [gentoo-dev] Re: sandbox access violations while running matlab binary installer
Date: Mon, 31 Mar 2014 20:53:58 +0000 (UTC)

Alexandre Rostovtsev posted on Mon, 31 Mar 2014 14:54:09 -0400 as excerpted:

> The best solution is to figure out why the directory is being created
> there and whether it is customizable. Maybe the code actually is
> creating $HOME/InstallShield? Then export HOME=${T} in your ebuild.

Well, "best" would be not to run software where the author doesn't
respect your rights to study, patch and share the software, with or
without those modifications, in the first place. But understanding not
everybody is prepared to go that route and it's their machines and life,
not mine...

On the ebuild execution side, as a last resort you can turn off
FEATURES=sandbox and perhaps FEATURES=userpriv as well, allowing it free
access to do whatever it's going to do.

Alternatively and for both the ebuild creation and execution sides, take
a look at /etc/sandbox.conf and the files in /etc/sandbox.d/, and grep
SANDBOX_ in $PORTDIR/*/*/*.ebuild and $PORTDIR/eclass/*.eclass. (Tho
it's not always proprietaryware; take a look at emacs... based on some of
the other packages that disable sandbox, I'd guess it's the lisp.)

Anyway, SANDBOX_PREDICT or SANDBOX_WRITE will probably do it in your case
(violations not flat-out-segfaults as emacs apparently triggers), but
SANDBOX_ON=0 is there if you REALLY need it.

Tho obviously if you were doing that ebuild for the main tree, any
messing with sandbox isn't going to get it there any faster. But if
you're doing it for your own (including possibly company internal) use
only...

-- 
Duncan - List replies preferred. No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master." Richard Stallman
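
The grep over ebuilds and eclasses suggested in the message above, written out as a small audit that labels each sandbox override by how much it opens up. This is an added example, not part of the original post or of Portage; the sample tree, package names and paths are constructed, and it assumes the ebuild helpers `addwrite`/`addpredict` should be counted alongside the SANDBOX_* variables they set.

```sh
#!/bin/sh
# Added example: audit sandbox overrides in ebuilds and eclasses.

# sandbox_audit DIR -> one line per hit: LEVEL<TAB>relative/file:lineno:text
sandbox_audit() {
    root=$1
    find "$root" -type f \( -name '*.ebuild' -o -name '*.eclass' \) | sort |
    while IFS= read -r f; do
        # grep -n prefixes "lineno:"; the second grep drops comment-only lines
        grep -nE 'SANDBOX_(ON|WRITE|PREDICT|READ|DENY)|add(write|predict|read|deny)[[:space:]]' "$f" |
        grep -vE '^[0-9]+:[[:space:]]*#' |
        while IFS= read -r hit; do
            case $hit in
                *SANDBOX_ON=0*|*'SANDBOX_ON="0"'*) level=DISABLE ;;  # sandbox off
                *SANDBOX_WRITE*|*addwrite*)        level=WRITE ;;    # writes allowed
                *SANDBOX_PREDICT*|*addpredict*)    level=PREDICT ;;  # denied, no violation
                *)                                 level=OTHER ;;
            esac
            printf '%s\t%s:%s\n' "$level" "${f#"$root"/}" "$hit"
        done
    done
}

# sandbox_count DIR LEVEL -> number of hits at that level
sandbox_count() {
    sandbox_audit "$1" | awk -F '\t' -v l="$2" '$1 == l { n++ } END { print n + 0 }'
}

# Constructed sample tree (hypothetical packages, not real Gentoo ebuilds).
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/app-misc/demo-installer" "$d/app-editors/demo-editor" "$d/eclass"
    printf '%s\n' 'src_install() {' '    export HOME="${T}"' \
        '    addpredict /root/InstallShield' '}' \
        > "$d/app-misc/demo-installer/demo-installer-1.ebuild"
    printf '%s\n' '# SANDBOX_ON=0 is the last resort' 'src_compile() {' \
        '    SANDBOX_ON=0 emake' '}' \
        > "$d/app-editors/demo-editor/demo-editor-1.ebuild"
    printf '%s\n' 'demo_src_test() {' '    addwrite /dev/shm' \
        '    SANDBOX_PREDICT="${SANDBOX_PREDICT}:/proc/self"' '}' \
        > "$d/eclass/demo.eclass"
    printf '%s\n' "$d"
}

demo=$(make_sample_tree)
sandbox_audit "$demo"
rm -rf "$demo"
```

Against a real tree, pass $PORTDIR as the directory; DISABLE hits are the ones to review first.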