diff options
| author | Zac Medico <zmedico@gentoo.org> | 2007-05-22 13:20:54 +0000 |
|---|---|---|
| committer | Zac Medico <zmedico@gentoo.org> | 2007-05-22 13:20:54 +0000 |
| commit | 262d3d812babb46bed6cc3b4b14171526151f231 (patch) | |
| tree | 3ec5c9ce3cfe357a8d9f5b173644d5a84f3225b3 | |
| parent | 50c0a9e34c0ec837b1c21bef5b6e27a7a9334eec (diff) | |
| download | portage-262d3d812babb46bed6cc3b4b14171526151f231.tar.gz portage-262d3d812babb46bed6cc3b4b14171526151f231.tar.bz2 portage-262d3d812babb46bed6cc3b4b14171526151f231.zip | |
Use bash to spawn FETCHCOMMAND under selinux since most other binaries are forbidden as entrypoints into the fetch domain. Thanks to Justin Heesemann <jh@ionium.org> for reporting. (trunk r6565:6566)
svn path=/main/branches/2.1.2/; revision=6577
| -rw-r--r-- | pym/portage.py | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/pym/portage.py b/pym/portage.py index 0abaf3126..8df84d5b5 100644 --- a/pym/portage.py +++ b/pym/portage.py @@ -2595,6 +2595,8 @@ def fetch(myuris, mysettings, listonly=0, fetchonly=0, locks_in_subdir=".locks", con = selinux.getcontext() con = con.replace(mysettings["PORTAGE_T"], mysettings["PORTAGE_FETCH_T"]) selinux.setexec(con) + # bash is an allowed entrypoint, while most binaries are not + myfetch = ["bash", "-c", "exec \"$@\"", myfetch[0]] + myfetch myret = portage_exec.spawn(myfetch, env=mysettings.environ(), **spawn_keywords) |