diff options
author | Zac Medico <zmedico@gentoo.org> | 2006-03-16 06:39:10 +0000 |
---|---|---|
committer | Zac Medico <zmedico@gentoo.org> | 2006-03-16 06:39:10 +0000 |
commit | f73f7adf494fcae968c76a754dc1c56294b1293a (patch) | |
tree | 2105715f53e4a78a7fb1e2056752aacbc80b6644 | |
parent | 8707f2c165af4db2b6fe5c20a6226128d3e71fdc (diff) | |
download | portage-f73f7adf494fcae968c76a754dc1c56294b1293a.tar.gz portage-f73f7adf494fcae968c76a754dc1c56294b1293a.tar.bz2 portage-f73f7adf494fcae968c76a754dc1c56294b1293a.zip |
Revert a hunk from r2834 because PORTAGE_SANDBOX_T is used incorrectly where PORTAGE_FETCH_T should be used for selinux fetch. Thanks to spb for reporting.
svn path=/main/trunk/; revision=2906
-rw-r--r-- | pym/portage.py | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/pym/portage.py b/pym/portage.py index 2aace4c45..cf76952d0 100644 --- a/pym/portage.py +++ b/pym/portage.py @@ -1928,9 +1928,14 @@ def fetch(myuris, mysettings, listonly=0, fetchonly=0, locks_in_subdir=".locks", myfetch=string.replace(locfetch,"${URI}",loc) myfetch=string.replace(myfetch,"${FILE}",myfile) try: - myret = spawn(myfetch, mysettings, free=1, - droppriv=("userfetch" in mysettings.features), - sesandbox=selinux_enabled) + if selinux_enabled: + con = selinux.getcontext() + con = string.replace(con, mysettings["PORTAGE_T"], mysettings["PORTAGE_FETCH_T"]) + selinux.setexec(con) + myret = spawn(myfetch, mysettings, free=1, droppriv=("userfetch" in mysettings.features)) + selinux.setexec(None) + else: + myret = spawn(myfetch, mysettings, free=1, droppriv=("userfetch" in mysettings.features)) finally: #if root, -always- set the perms. if os.path.exists(mysettings["DISTDIR"]+"/"+myfile) and (fetched != 1 or os.getuid() == 0) \ |