aboutsummaryrefslogtreecommitdiff
blob: f216092420da188fa3a80c0030f507112c6ee0d0 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
# Default configuration for non-set values
#
# As stated in sandbox.conf, any value in here do not get used if the variable
# is already present in the environment.  All rules of the ACCESS Section
# applies here.
#
# Also note that SANDBOX_WORKDIR is a special variable that is just set if
# sandbox is run interactive (ie, no commandline options), and points to the
# current directory.

# Normally the whole filesystem should be readable
SANDBOX_READ="/"

# Finally add current directory if interactive
SANDBOX_WRITE="${SANDBOX_WORKDIR}"
# Needed for configure tests
SANDBOX_WRITE="/usr/tmp/conftest:/usr/lib/conftest:/usr/lib32/conftest:/usr/lib64/conftest:/usr/tmp/cf:/usr/lib/cf:/usr/lib32/cf:/usr/lib64/cf"

# Usually writes in /home should not cause violations
SANDBOX_PREDICT="${HOME}"


#
# The following should be moved to respective packages
#

# This should be handled by gnome-base/gconf
SANDBOX_WRITE="${HOME}/.gconfd/lock"
# This should be handled by app-text/scrollkeeper
SANDBOX_WRITE="/var/log/scrollkeeper.log"

# These should be handled by dev-lang/python or sys-apps/portage
SANDBOX_PREDICT="/usr/lib/python2.0/:/usr/lib/python2.1/:/usr/lib/python2.2/:/usr/lib/python2.3/:/usr/lib/python2.4/:/usr/lib/python2.5/:/usr/lib/python3.0/"
# These should be handled by sys-libs/nss-db
SANDBOX_PREDICT="/var/db/aliases.db:/var/db/netgroup.db:/var/db/netmasks.db:/var/db/ethers.db:/var/db/rpc.db:/var/db/protocols.db:/var/db/services.db:/var/db/networks.db:/var/db/hosts.db:/var/db/group.db:/var/db/passwd.db"