authorZac Medico <zmedico@gentoo.org>2007-05-22 05:26:33 +0000
committerZac Medico <zmedico@gentoo.org>2007-05-22 05:26:33 +0000
commitb37379d42e58bd5628feeaa0f06390e4c697efad (patch)
tree570c0fc015f9dad3079c29de8df380d9bb3801fe
parent75f4fd5ae2be58e5ebced49d1c70574b547fd2d7 (diff)
Use bash to spawn FETCHCOMMAND under selinux since most other binaries are forbidden as entrypoints into the fetch domain. Thanks to Justin Heesemann <jh@ionium.org> for reporting.
svn path=/main/trunk/; revision=6566
-rw-r--r--pym/portage/__init__.py2
1 files changed, 2 insertions, 0 deletions
diff --git a/pym/portage/__init__.py b/pym/portage/__init__.py
index 664f0a7d7..171806f7a 100644
--- a/pym/portage/__init__.py
+++ b/pym/portage/__init__.py
@@ -2687,6 +2687,8 @@ def fetch(myuris, mysettings, listonly=0, fetchonly=0, locks_in_subdir=".locks",
con = selinux.getcontext()
con = con.replace(mysettings["PORTAGE_T"], mysettings["PORTAGE_FETCH_T"])
selinux.setexec(con)
+ # bash is an allowed entrypoint, while most binaries are not
+ myfetch = ["bash", "-c", "exec \"$@\"", myfetch[0]] + myfetch
myret = portage.process.spawn(myfetch,
env=mysettings.environ(), **spawn_keywords)
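Review bot: The wrapper on the added line names the interpreter as a bare `"bash"`, so which file becomes the entrypoint into the fetch domain presumably depends on a PATH lookup at spawn time, in the environment taken from `mysettings.environ()`. The wrapper only helps when the binary that runs is the one the SELinux policy labels as an allowed entrypoint, so an absolute path is more robust, e.g. `myfetch = [BASH_BINARY, "-c", "exec \"$@\"", myfetch[0]] + myfetch`, if the `BASH_BINARY` constant from portage.const is in scope in this module. The comment could also say that the repeated `myfetch[0]` fills `$0`, so that `"$@"` expands to the full original command. The enclosing `fetch` function and whatever condition guards these lines start outside the hunk, so this is worth checking against the full body.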