[gentoo-commits] repo/gentoo:master commit in: sys-libs/librtas/

[Georgy Yakovlev]

commit:     56132fca92886544d383f81dffce62f54f56b481
Author:     Georgy Yakovlev <gyakovlev <AT> gentoo <DOT> org>
AuthorDate: Mon Nov 15 00:35:30 2021 +0000
Commit:     Georgy Yakovlev <gyakovlev <AT> gentoo <DOT> org>
CommitDate: Mon Nov 15 00:40:24 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=56132fca

sys-libs/librtas: revbump, add sandbox predict for /var/lock/LCK..librtas

otherwise lscpu from util-linux linked to librtas triggers sandbox
viulation

F: open_wr
S: deny
P: /var/lock/LCK..librtas
A: /var/lock/LCK..librtas
R: /run/lock/LCK..librtas
C: lscpu

Signed-off-by: Georgy Yakovlev <gyakovlev <AT> gentoo.org>

 sys-libs/librtas/{librtas-2.0.2-r1.ebuild => librtas-2.0.2-r2.ebuild} | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/sys-libs/librtas/librtas-2.0.2-r1.ebuild 
b/sys-libs/librtas/librtas-2.0.2-r2.ebuild
similarity index 73%
rename from sys-libs/librtas/librtas-2.0.2-r1.ebuild
rename to sys-libs/librtas/librtas-2.0.2-r2.ebuild
index 61863ff24d39..f43d44b267f5 100644
--- a/sys-libs/librtas/librtas-2.0.2-r1.ebuild
+++ b/sys-libs/librtas/librtas-2.0.2-r2.ebuild
@@ -27,4 +27,8 @@ src_configure() {
 src_install() {
        emake DESTDIR="${D}" install docdir="${EPREFIX}"/usr/share/doc/${PF}
        find "${D}" -name '*.la' -delete || die
+       # librtas_src/syscall_rmo.c: static const char *lockfile_path = 
"/var/lock/LCK..librtas";
+       # this way we prevent sandbox violations in lscpu linked to rtas
+       dodir /etc/sandbox.d
+       echo 'SANDBOX_PREDICT="/run/lock/LCK..librtas"' > 
"${ED}"/etc/sandbox.d/50librtas || die
 }