-
Notifications
You must be signed in to change notification settings - Fork 96
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Building sys-apps/sandbox with -flto disables sandbox functionality #347
Comments
Are you sure you are running the commands correctly?
|
this seems to be happen to me too : sudo su
|
with no lto : cd /usr/local/
|
Yes. sandbox should prevent that action regardless of permission. The example I gave was to demonstrate the issue for any user. But even as root, something trivial like this should suffice:
With a functioning sandbox, you get:
But when sandbox is built with lto, the command succeeds and the file is created. |
Tried as well (tried both built with gcc 8.3 and gcc 9.1 on a system where nothing else is built with lto), I get the same results. I'm amazed this issue exist to be honest, it's a pretty bad deal. |
I can reproduce with every version of |
Confirmed! |
Wow, that's a pretty serious one. |
I came across this while trying to figure out why a testcase that was supposed to fail due to a problem with sandbox was succeeding. sys-apps/sandbox will build with
-flto
without issue. But it will not adequately function to prevent sandbox access violations or report them. This can be tested by starting a sandbox shell and trying to create a file outside of it, eg.:When built without
-flto
flags, you getPermission denied
. But if built with-flto
, the command succeeds without error.The text was updated successfully, but these errors were encountered: