
From: Fabian Groffen <grobian@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/portage:prefix commit in: man/, pym/portage/package/ebuild/, pym/portage/
Date: Sun, 30 Sep 2012 11:11:07
Message-Id: 1349003375.fda43d31a566e72c03d264461e9ae07ed35077e5.grobian@gentoo
1 commit: fda43d31a566e72c03d264461e9ae07ed35077e5
2 Author: Fabian Groffen <grobian <AT> gentoo <DOT> org>
3 AuthorDate: Sun Sep 30 11:06:08 2012 +0000
4 Commit: Fabian Groffen <grobian <AT> gentoo <DOT> org>
5 CommitDate: Sun Sep 30 11:09:35 2012 +0000
6 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/portage.git;a=commit;h=fda43d31
7
8 seatbelt: optionally re-enable logging of sandbox violations
9
10 It may be useful to see violations logged by seatbelt, which are too
11 expensive to be enabled by default. Allow enabling this using
12 sandbox-debug flag.
13
14 Patch by Michael Weisner, bug #430640
15
16 ---
17 man/make.conf.5 | 6 ++++++
18 pym/portage/const.py | 5 +++--
19 pym/portage/package/ebuild/doebuild.py | 7 ++++++-
20 3 files changed, 15 insertions(+), 3 deletions(-)
21
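--- a/man/make.conf.5
+++ b/man/make.conf.5
@@ -465,6 +465,12 @@ and later), this particular sandbox implementation is used instead of
 sys-apps/sandbox. Note that using Mac OS X sandbox slows down the
 emerge process considerably, in particular for write operations.
 .TP
+.B sandbox-debug
+Enable debug messages regarding sandboxing. This currently only has
+an effect on Mac OS X platforms where it enables logging of denied
+access into /var/log/system.log. Note that logging is extremely slow
+and will slow down the emerge process considerably.
+.TP
 .B sesandbox
 Enable SELinux sandbox\-ing. Do not toggle this \fBFEATURE\fR yourself.
 .TP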
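--- a/pym/portage/const.py
+++ b/pym/portage/const.py
@@ -79,7 +79,7 @@ MACOSSANDBOX_PROFILE = '''(version 1)
 
 (allow default)
 
-(deny file-write* (with no-log))
+(deny file-write*@@LOGGING@@)
 
 (allow file-read* file-write*
 (literal
@@ -101,6 +101,7 @@ MACOSSANDBOX_PROFILE = '''(version 1)
 #"^(/private)?/var/run/syslog$"
 )
 )'''
+MACOSSANDBOX_NOLOG=" (with no-log)"
 
 PORTAGE_GROUPNAME = portagegroup
 PORTAGE_USERNAME = portageuser
@@ -137,7 +138,7 @@ SUPPORTED_FEATURES = frozenset([
 "noauto", "noclean", "nodoc", "noinfo", "noman",
 "nostrip", "notitles", "parallel-fetch", "parallel-install",
 "prelink-checksums", "preserve-libs",
-"protect-owned", "python-trace", "sandbox",
+"protect-owned", "python-trace", "sandbox", "sandbox-debug",
 "selinux", "sesandbox", "sfperms",
 "sign", "skiprocheck", "split-elog", "split-log", "splitdebug",
 "strict", "stricter", "suidctl", "test", "test-fail-continue",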
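Review bot: `MACOSSANDBOX_NOLOG` in the second hunk carries a leading space that is load-bearing, because the `@@LOGGING@@` token in the first hunk sits directly against `file-write*`, and nothing in the file says so. A comment above the constant would keep someone from trimming it, for example `# Replaces @@LOGGING@@ in MACOSSANDBOX_PROFILE; the leading space separates it from file-write*`. The assignment also lacks spaces around `=`; `MACOSSANDBOX_NOLOG = " (with no-log)"` matches the constants that follow it. The profile string begins and ends outside these hunks, and any other consumer of MACOSSANDBOX_PROFILE now has to substitute the token itself, which is worth stating in the same comment.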
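--- a/pym/portage/package/ebuild/doebuild.py
+++ b/pym/portage/package/ebuild/doebuild.py
@@ -39,7 +39,7 @@ from portage import auxdbkeys, bsd_chflags, \
 _shell_quote, _unicode_decode, _unicode_encode
 from portage.const import EBUILD_SH_ENV_FILE, EBUILD_SH_ENV_DIR, \
 EBUILD_SH_BINARY, INVALID_ENV_FILE, MISC_SH_BINARY, \
-EPREFIX, MACOSSANDBOX_PROFILE
+EPREFIX, MACOSSANDBOX_PROFILE, MACOSSANDBOX_NOLOG
 from portage.data import portage_gid, portage_uid, secpass, \
 uid, userpriv_groups
 from portage.dbapi.porttree import _parse_uri_map
@@ -1457,6 +1457,11 @@ def spawn(mystring, mysettings, debug=0, free=0, droppriv=0, sesandbox=0, fakero
 sbprofile = sbprofile.replace("@@WRITEABLE_PREFIX@@", sbprefixpath)
 sbprofile = sbprofile.replace("@@WRITEABLE_PREFIX_RE@@", sbprefixre)
 
+if "sandbox-debug" in features:
+sbprofile = sbprofile.replace("@@LOGGING@@", "")
+else:
+sbprofile = sbprofile.replace("@@LOGGING@@", MACOSSANDBOX_NOLOG)
+
 keywords["profile"] = sbprofile
 spawn_func = portage.process.spawn_macossandbox
 else: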
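Review bot: Nothing after the added `@@LOGGING@@` branch checks that the profile is free of unsubstituted `@@…@@` tokens before it is stored in `keywords["profile"]`. The template now has at least three placeholders filled by separate `replace` calls, and a token that is missed would reach the sandbox as literal text. How the sandbox treats that is not visible here, so failing early is safer than relying on it. A guard such as `if "@@" in sbprofile: raise ValueError("unsubstituted placeholder in sandbox profile")` placed before the assignment would do. The two branches can also collapse into one call, `sbprofile = sbprofile.replace("@@LOGGING@@", "" if "sandbox-debug" in features else MACOSSANDBOX_NOLOG)`. spawn() starts and ends outside this hunk, including where `features` is bound.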