author | Zac Medico <zmedico@gentoo.org> | 2007-05-22 05:26:33 +0000 |
---|---|---|
committer | Zac Medico <zmedico@gentoo.org> | 2007-05-22 05:26:33 +0000 |
commit | b37379d42e58bd5628feeaa0f06390e4c697efad (patch) | |
tree | 570c0fc015f9dad3079c29de8df380d9bb3801fe | |
parent | 75f4fd5ae2be58e5ebced49d1c70574b547fd2d7 (diff) | |
Use bash to spawn FETCHCOMMAND under selinux since most other binaries are forbidden as entrypoints into the fetch domain. Thanks to Justin Heesemann <jh@ionium.org> for reporting.
svn path=/main/trunk/; revision=6566
-rw-r--r-- | pym/portage/__init__.py | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/pym/portage/__init__.py b/pym/portage/__init__.py index 664f0a7d7..171806f7a 100644 --- a/pym/portage/__init__.py +++ b/pym/portage/__init__.py @@ -2687,6 +2687,8 @@ def fetch(myuris, mysettings, listonly=0, fetchonly=0, locks_in_subdir=".locks", con = selinux.getcontext() con = con.replace(mysettings["PORTAGE_T"], mysettings["PORTAGE_FETCH_T"]) selinux.setexec(con) + # bash is an allowed entrypoint, while most binaries are not + myfetch = ["bash", "-c", "exec \"$@\"", myfetch[0]] + myfetch myret = portage.process.spawn(myfetch, env=mysettings.environ(), **spawn_keywords) |
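Review bot: The wrapper is spawned as bare `bash`, so which binary becomes the entrypoint into the fetch domain depends on how `portage.process.spawn` resolves that name; an absolute path to the shell would pin it to the binary the policy labels as an entrypoint. The `exec "$@"` form itself is sound, because the original argv is handed over as positional parameters and the shell never re-parses the URI or the FETCHCOMMAND arguments. That property is worth recording so a later edit does not switch to a joined command string, for example `# "$@" forwards the argv unparsed; myfetch[0] only fills $0`. Since bash now starts after `selinux.setexec(con)` with `env=mysettings.environ()`, it is also worth confirming that nothing in that environment (e.g. `BASH_ENV`) makes a non-interactive bash run startup code before the exec. The body of `fetch` and the condition guarding these lines lie outside the hunk.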