Since SELinux does not allow LD_PRELOAD across domain transitions, |
disable the LD_PRELOAD sandbox for preinst_selinux_labels. |
|
Bug: https://bugs.gentoo.org/655996 |
--- |
pym/_emerge/EbuildPhase.py | 37 +++++++++++++++++++++++++++++++++- |
pym/_emerge/MiscFunctionsProcess.py | 6 +++++- |
pym/portage/package/ebuild/doebuild.py | 26 +++++++++++++++++------- |
3 files changed, 60 insertions(+), 9 deletions(-) |
|
11 |
diff --git a/pym/_emerge/EbuildPhase.py b/pym/_emerge/EbuildPhase.py |
12 |
index 890b17870..9795bec13 100644 |
13 |
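--- a/pym/_emerge/EbuildPhase.py
+++ b/pym/_emerge/EbuildPhase.py
@@ -275,7 +275,7 @@ class EbuildPhase(CompositeTask):
 # when FEATURES=compress-build-logs is enabled.
 fd, logfile = tempfile.mkstemp()
 os.close(fd)
- post_phase = MiscFunctionsProcess(background=self.background,
+ post_phase = _PostPhaseCommands(background=self.background,
 commands=post_phase_cmds, fd_pipes=self.fd_pipes,
 logfile=logfile, phase=self.phase, scheduler=self.scheduler,
 settings=settings)
@@ -405,3 +405,38 @@ class EbuildPhase(CompositeTask):
 log_path = self.settings.get("PORTAGE_LOG_FILE")
 self.scheduler.output(msg, log_path=log_path,
 background=background)
+
+
+class _PostPhaseCommands(CompositeTask):
+
+ __slots__ = ("fd_pipes", "logfile", "phase", "settings", "commands",
+ "_remaining_cmds")
+
+ def _start(self):
+ if isinstance(self.commands, list):
+ self._remaining_cmds = [({}, self.commands)]
+ else:
+ self._remaining_cmds = list(reversed(self.commands))
+
+ if 'selinux' not in self.settings.features:
+ self._remaining_cmds = [(kwargs, commands) for kwargs, commands in
+ self._remaining_cmds if not kwargs.get('selinux_only')]
+
+ self._start_phase_cmds()
+
+ def _start_phase_cmds(self, previous=None):
+ if previous is not None:
+ if not self._remaining_cmds:
+ self._default_final_exit(previous)
+ self._async_wait()
+ return
+ elif self._default_exit(previous) != os.EX_OK:
+ self._async_wait()
+ return
+
+ kwargs, commands = self._remaining_cmds.pop()
+
+ self._start_task(MiscFunctionsProcess(background=self.background,
+ commands=commands, fd_pipes=self.fd_pipes,
+ logfile=self.logfile, phase=self.phase, scheduler=self.scheduler,
+ settings=self.settings, **kwargs), self._start_phase_cmds)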
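Review bot: In `_start_phase_cmds`, the `selinux_only` key that `_start` uses purely as a filter flag is still forwarded to `MiscFunctionsProcess` through `**kwargs`, although the `__slots__` this patch gives that class list only `commands` and `ld_preload_sandbox`. Whether the constructor tolerates an unknown keyword is not visible here, so it would be safer to forward only the spawn-related keys, e.g. `kwargs = dict((k, v) for k, v in kwargs.items() if k in ('ld_preload_sandbox',))` right after the `pop()`. Separately, `self._remaining_cmds.pop()` raises IndexError when the first call finds the list empty (an empty tuple of commands, or every entry filtered out as `selinux_only`). A guard for that case, plus a class docstring describing the two accepted shapes of `commands`, would make the contract explicit.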
63 |
diff --git a/pym/_emerge/MiscFunctionsProcess.py b/pym/_emerge/MiscFunctionsProcess.py |
64 |
index 99cf5983f..89fd22635 100644 |
65 |
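--- a/pym/_emerge/MiscFunctionsProcess.py
+++ b/pym/_emerge/MiscFunctionsProcess.py
@@ -13,7 +13,7 @@ class MiscFunctionsProcess(AbstractEbuildProcess):
 Spawns misc-functions.sh with an existing ebuild environment.
 """
 
- __slots__ = ('commands',)
+ __slots__ = ('commands', 'ld_preload_sandbox')
 
 def _start(self):
 settings = self.settings
@@ -29,6 +29,10 @@ class MiscFunctionsProcess(AbstractEbuildProcess):
 AbstractEbuildProcess._start(self)
 
 def _spawn(self, args, **kwargs):
+ # If self.ld_preload_sandbox is None, default to free=False,
+ # in alignment with the spawn(free=False) default.
+ kwargs.setdefault('free', False if self.ld_preload_sandbox is None
+ else not self.ld_preload_sandbox)
 
 if self._dummy_pipe_fd is not None:
 self.settings["PORTAGE_PIPE_FD"] = str(self._dummy_pipe_fd)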
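Review bot: The new `ld_preload_sandbox` slot is a tri-state (None/True/False) that decides whether the command is spawned with `free=True`, yet nothing on the class documents it, and the `setdefault` in `_spawn` means a `free` value supplied by the caller silently takes precedence over it. Because `False` takes the misc-functions.sh command out of the LD_PRELOAD sandbox (per the commit message), I would extend the class docstring with something like `ld_preload_sandbox: None or True keeps the default sandboxed spawn (free=False); False spawns without the LD_PRELOAD sandbox and should be reserved for commands that cannot run under it`, and state that an explicit `free` keyword wins. `_spawn` continues past the end of the hunk.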
87 |
diff --git a/pym/portage/package/ebuild/doebuild.py b/pym/portage/package/ebuild/doebuild.py |
88 |
index 31b552ff3..499492b94 100644 |
89 |
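--- a/pym/portage/package/ebuild/doebuild.py
+++ b/pym/portage/package/ebuild/doebuild.py
@@ -1722,13 +1722,25 @@ _post_phase_cmds = {
 "install_symlink_html_docs",
 "install_hooks"],
 
- "preinst" : [
- "preinst_sfperms",
- "preinst_selinux_labels",
- "preinst_suid_scan",
- "preinst_qa_check",
- ],
-
+ "preinst" : (
+ (
+ {
+ "ld_preload_sandbox": False,
+ "selinux_only": True,
+ },
+ [
+ "preinst_selinux_labels",
+ ],
+ ),
+ (
+ {},
+ [
+ "preinst_sfperms",
+ "preinst_suid_scan",
+ "preinst_qa_check",
+ ],
+ ),
+ ),
 "postinst" : [
 "postinst_qa_check"],
 }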
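Review bot: `preinst_selinux_labels` now runs before `preinst_sfperms`, whereas the removed list ran it second; the commit message does not mention the reordering, so it is worth confirming that labelling ahead of the permission pass is intended. The `preinst` value also changes from a flat list of function names to a tuple of (kwargs, commands) pairs while the neighbouring entries stay lists, and the diffstat shows no other change in doebuild.py, so any consumer of `_post_phase_cmds` outside this patch that expects a list of strings needs checking. A comment above the entry such as `# (MiscFunctionsProcess kwargs, commands) pairs, run in order; selinux_only entries are skipped unless 'selinux' is in FEATURES` would document the format and make it clear that the unsandboxed group is meant to hold only the one command that needs it. The `_post_phase_cmds` dict starts before the hunk.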
-- |
2.13.6 |