[gentoo-pms] [PATCH] pkg-mgr-commands.tex: Sandbox commands accept any file

public inbox for gentoo-pms@lists.gentoo.org
 help / color / mirror / Atom feed

* [gentoo-pms] [PATCH] pkg-mgr-commands.tex: Sandbox commands accept any file
@ 2023-12-24 13:13 Ulrich Müller
  2023-12-24 13:40 ` James Le Cuirot
  0 siblings, 1 reply; 2+ messages in thread
From: Ulrich Müller @ 2023-12-24 13:13 UTC (permalink / raw
  To: gentoo-pms; +Cc: Ulrich Müller

The sandbox commands addread, addwrite, addpredict and adddeny can
accept not only directories, but also other files like regular files
or device nodes.

This behaviour is supported by all three package managers. Also, the
sandbox's default configuration relies on it (e.g. "/dev/null" and
"${HOME}/.bash_history" in /etc/sandbox.conf), and it is widely used
in the Gentoo repository.

Signed-off-by: Ulrich Müller <ulm@gentoo.org>
---
 pkg-mgr-commands.tex | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/pkg-mgr-commands.tex b/pkg-mgr-commands.tex
index b6113f6..2202b64 100644
--- a/pkg-mgr-commands.tex
+++ b/pkg-mgr-commands.tex
@@ -89,14 +89,14 @@ called, the package manager must abort the build process indicating an error.
 \end{centertable}
 
 \subsection{Sandbox commands}
-These commands affect the behaviour of the sandbox. Each command takes a single directory as
-argument. Ebuilds must not run any of these commands once the current phase function has returned.
+These commands affect the behaviour of the sandbox. Each command takes a single path as argument.
+Ebuilds must not run any of these commands once the current phase function has returned.
 \begin{description}
-\item[addread] Add a directory to the permitted read list.
-\item[addwrite] Add a directory to the permitted write list.
-\item[addpredict] Add a directory to the predict list. Any write to a location in this list will be
+\item[addread] Add a path to the permitted read list.
+\item[addwrite] Add a path to the permitted write list.
+\item[addpredict] Add a path to the predict list. Any write to a location in this list will be
     denied, but will not trigger access violation messages or abort the build process.
-\item[adddeny] Add a directory to the deny list.
+\item[adddeny] Add a path to the deny list.
 \end{description}
 
 \subsection{Package manager query commands}
-- 
2.43.0



^ permalink raw reply related	[flat|nested] 2+ messages in thread

* Re: [gentoo-pms] [PATCH] pkg-mgr-commands.tex: Sandbox commands accept any file
  2023-12-24 13:13 [gentoo-pms] [PATCH] pkg-mgr-commands.tex: Sandbox commands accept any file Ulrich Müller
@ 2023-12-24 13:40 ` James Le Cuirot
  0 siblings, 0 replies; 2+ messages in thread
From: James Le Cuirot @ 2023-12-24 13:40 UTC (permalink / raw
  To: gentoo-pms

[-- Attachment #1: Type: text/plain, Size: 2084 bytes --]

On Sun, 2023-12-24 at 14:13 +0100, Ulrich Müller wrote:
> The sandbox commands addread, addwrite, addpredict and adddeny can
> accept not only directories, but also other files like regular files
> or device nodes.
> 
> This behaviour is supported by all three package managers. Also, the
> sandbox's default configuration relies on it (e.g. "/dev/null" and
> "${HOME}/.bash_history" in /etc/sandbox.conf), and it is widely used
> in the Gentoo repository.
> 
> Signed-off-by: Ulrich Müller <ulm@gentoo.org>
> ---
>  pkg-mgr-commands.tex | 12 ++++++------
>  1 file changed, 6 insertions(+), 6 deletions(-)
> 
> diff --git a/pkg-mgr-commands.tex b/pkg-mgr-commands.tex
> index b6113f6..2202b64 100644
> --- a/pkg-mgr-commands.tex
> +++ b/pkg-mgr-commands.tex
> @@ -89,14 +89,14 @@ called, the package manager must abort the build process indicating an error.
>  \end{centertable}
>  
>  \subsection{Sandbox commands}
> -These commands affect the behaviour of the sandbox. Each command takes a single directory as
> -argument. Ebuilds must not run any of these commands once the current phase function has returned.
> +These commands affect the behaviour of the sandbox. Each command takes a single path as argument.
> +Ebuilds must not run any of these commands once the current phase function has returned.
>  \begin{description}
> -\item[addread] Add a directory to the permitted read list.
> -\item[addwrite] Add a directory to the permitted write list.
> -\item[addpredict] Add a directory to the predict list. Any write to a location in this list will be
> +\item[addread] Add a path to the permitted read list.
> +\item[addwrite] Add a path to the permitted write list.
> +\item[addpredict] Add a path to the predict list. Any write to a location in this list will be
>      denied, but will not trigger access violation messages or abort the build process.
> -\item[adddeny] Add a directory to the deny list.
> +\item[adddeny] Add a path to the deny list.
>  \end{description}
>  
>  \subsection{Package manager query commands}

Ack

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 858 bytes --]

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2023-12-24 13:40 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-12-24 13:13 [gentoo-pms] [PATCH] pkg-mgr-commands.tex: Sandbox commands accept any file Ulrich Müller
2023-12-24 13:40 ` James Le Cuirot

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox