Add patch to disable sandbox ptracing

The Portage sandbox wants to invoke ptrace during the glibc installation. The ptrace syscall is not supported under qemu-user. Disabling the Portage sandbox doesn't help. Patch the sandbox to remove ptrace support. See: https://bugs.gentoo.org/648516

Add patch to disable sandbox ptracing
The Portage sandbox wants to invoke ptrace during the glibc installation. The ptrace syscall is not supported under qemu-user. Disabling the Portage sandbox doesn't help. Patch the sandbox to remove ptrace support. See: https://bugs.gentoo.org/648516
b724e502 · James T. Lee · 383b76f9 · b724e502 · b724e502
Commit b724e502 authored Jan 05, 2021 by James T. Lee
Hide whitespace changes
Inline Side-by-side

Showing with 12 additions and 0 deletions

Containerfile Containerfile +1 -0

portage/patches/sys-apps/sandbox/sandbox-disable-ptrace-for-qemu-user.patch ...s-apps/sandbox/sandbox-disable-ptrace-for-qemu-user.patch +11 -0

No files found.
--- a/Containerfile
+++ b/Containerfile
@@ -18,6 +18,7 @@ COPY --from=nest-overlay / /var/db/repos/nest/
 # Update, then rebuild all packages using a custom profile
 RUN eselect profile set "nest:${PROFILE}"
 RUN emerge --info
+RUN emerge -v --oneshot sys-apps/sandbox
 RUN emerge -v --update --deep --newuse --with-bdeps=y @world
 RUN emerge --depclean
 RUN emerge -v --emptytree @world

--- a/portage/patches/sys-apps/sandbox/sandbox-disable-ptrace-for-qemu-user.patch
+++ b/portage/patches/sys-apps/sandbox/sandbox-disable-ptrace-for-qemu-user.patch
+diff -ur sandbox-2.20.orig/configure sandbox-2.20/configure
+--- sandbox-2.20.orig/configure	2021-01-05 12:01:39.035638914 -0500
+++ sandbox-2.20/configure	2021-01-05 12:02:08.995021286 -0500
+@@ -2535,7 +2535,6 @@
+ as_fn_append ac_func_list " openat64"
+ as_fn_append ac_func_list " pathconf"
+ as_fn_append ac_func_list " process_vm_readv"
+-as_fn_append ac_func_list " ptrace"
+ as_fn_append ac_func_list " realpath"
+ as_fn_append ac_func_list " remove"
+ as_fn_append ac_func_list " renameat"