Author: zmedico |
Date: 2008-07-31 00:59:31 +0000 (Thu, 31 Jul 2008) |
New Revision: 11289 |
|
Modified: |
main/trunk/pym/portage/__init__.py |
Log: |
Split out a _spawn_fetch() function that will be useful for implementing a |
userpriv testcase for bug #233303. |
|
|
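--- a/main/trunk/pym/portage/__init__.py
+++ b/main/trunk/pym/portage/__init__.py
@@ -3147,6 +3147,54 @@
 return retval >> 8
 return retval
 
+_userpriv_spawn_kwargs = (
+ ("uid", portage_uid),
+ ("gid", portage_gid),
+ ("groups", userpriv_groups),
+ ("umask", 002),
+)
+
+def _spawn_fetch(settings, args, **kwargs):
+ """
+ Spawn a process with appropriate settings for fetching, including
+ userfetch and selinux support.
+ """
+
+ global _userpriv_spawn_kwargs
+
+ # Redirect all output to stdout since some fetchers like
+ # wget pollute stderr (if portage detects a problem then it
+ # can send it's own message to stderr).
+ if "fd_pipes" not in kwargs:
+
+ kwargs["fd_pipes"] = {
+ 0 : sys.stdin.fileno(),
+ 1 : sys.stdout.fileno(),
+ 2 : sys.stdout.fileno(),
+ }
+
+ if "userfetch" in settings.features and \
+ os.getuid() == 0 and portage_gid and portage_uid:
+ kwargs.update(_userpriv_spawn_kwargs)
+
+ try:
+
+ if settings.selinux_enabled():
+ con = selinux.getcontext()
+ con = con.replace(settings["PORTAGE_T"], settings["PORTAGE_FETCH_T"])
+ selinux.setexec(con)
+ # bash is an allowed entrypoint, while most binaries are not
+ args = [BASH_BINARY, "-c", "exec \"$@\"", args[0]] + args
+
+ rval = portage.process.spawn(args,
+ env=dict(settings.iteritems()), **kwargs)
+
+ finally:
+ if settings.selinux_enabled():
+ selinux.setexec(None)
+
+ return rval
+
 def _checksum_failure_temp_file(distdir, basename):
 """
 First try to find a duplicate temp file with the same checksum and return
@@ -3820,39 +3868,11 @@
 lexer = shlex.shlex(StringIO.StringIO(locfetch), posix=True)
 lexer.whitespace_split = True
 myfetch = [varexpand(x, mydict=variables) for x in lexer]
-
- spawn_keywords = {}
- # Redirect all output to stdout since some fetchers like
- # wget pollute stderr (if portage detects a problem then it
- # can send it's own message to stderr).
- spawn_keywords["fd_pipes"] = {
- 0:sys.stdin.fileno(),
- 1:sys.stdout.fileno(),
- 2:sys.stdout.fileno()
- }
- if "userfetch" in mysettings.features and \
- os.getuid() == 0 and portage_gid and portage_uid:
- spawn_keywords.update({
- "uid" : portage_uid,
- "gid" : portage_gid,
- "groups" : userpriv_groups,
- "umask" : 002})
 myret = -1
 try:
 
- if mysettings.selinux_enabled():
- con = selinux.getcontext()
- con = con.replace(mysettings["PORTAGE_T"], mysettings["PORTAGE_FETCH_T"])
- selinux.setexec(con)
- # bash is an allowed entrypoint, while most binaries are not
- myfetch = ["bash", "-c", "exec \"$@\"", myfetch[0]] + myfetch
+ myret = _spawn_fetch(mysettings, myfetch)
 
- myret = portage.process.spawn(myfetch,
- env=dict(mysettings.iteritems()), **spawn_keywords)
-
- if mysettings.selinux_enabled():
- selinux.setexec(None)
-
 finally:
 try:
 apply_secpass_permissions(myfile_path,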
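Review bot: `_userpriv_spawn_kwargs` in the first hunk snapshots `portage_uid`, `portage_gid` and `userpriv_groups` once at module import, while the guard in `_spawn_fetch` re-reads `portage_gid and portage_uid` on every call; the removed caller code in the second hunk read all of them at call time. If any of those names is rebound after import (not visible here, but plausible for the userpriv testcase the log mentions), the privilege-drop check and the credentials handed to `portage.process.spawn` can disagree. Building the values where they are used keeps the check and the credentials together: `kwargs.update(uid=portage_uid, gid=portage_gid, groups=userpriv_groups, umask=002)`, which also makes the `global` statement unnecessary. The docstring should also state that under userfetch these four keys override whatever the caller passed, whereas a caller-supplied `fd_pipes` replaces the stderr-to-stdout redirect, and that the return value is whatever `portage.process.spawn` returns.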