summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorZac Medico <zmedico@gentoo.org>2009-08-14 06:02:56 +0000
committerZac Medico <zmedico@gentoo.org>2009-08-14 06:02:56 +0000
commitf08a6765a443ed104889a3a15a4f42c3a0eece3b (patch)
tree74ae3c68503fadb4fe64364cc7fc4ce9cb9259e0
parentbdb5e16a137ee9f228d7028a2ea7f97b8f7acb09 (diff)
downloadportage-f08a6765a443ed104889a3a15a4f42c3a0eece3b.tar.gz
portage-f08a6765a443ed104889a3a15a4f42c3a0eece3b.tar.bz2
portage-f08a6765a443ed104889a3a15a4f42c3a0eece3b.zip
Replace the selinux.spawn() function with a spawn_wrapper() function and
use it inside portage._spawn_fetch() and portage.spawn(). svn path=/main/trunk/; revision=14022
-rw-r--r--pym/portage/__init__.py26
-rw-r--r--pym/portage/_selinux.py20
2 files changed, 22 insertions, 24 deletions
diff --git a/pym/portage/__init__.py b/pym/portage/__init__.py
index 94e38e4fb..46cfb9190 100644
--- a/pym/portage/__init__.py
+++ b/pym/portage/__init__.py
@@ -3870,8 +3870,8 @@ def spawn(mystring, mysettings, debug=0, free=0, droppriv=0, sesandbox=0, fakero
spawn_func = portage.process.spawn_sandbox
if sesandbox:
- con = selinux.settype(mysettings["PORTAGE_SANDBOX_T"])
- selinux.setexec(con)
+ spawn_func = selinux.spawn_wrapper(spawn_func,
+ mysettings["PORTAGE_SANDBOX_T"])
returnpid = keywords.get("returnpid")
keywords["returnpid"] = True
@@ -3880,8 +3880,6 @@ def spawn(mystring, mysettings, debug=0, free=0, droppriv=0, sesandbox=0, fakero
finally:
if logfile:
os.close(slave_fd)
- if sesandbox:
- selinux.setexec()
if returnpid:
return mypids
@@ -3956,21 +3954,17 @@ def _spawn_fetch(settings, args, **kwargs):
os.getuid() == 0 and portage_gid and portage_uid:
kwargs.update(_userpriv_spawn_kwargs)
- try:
+ spawn_func = portage.process.spawn
- if settings.selinux_enabled():
- con = selinux.settype(settings["PORTAGE_FETCH_T"])
- selinux.setexec(con)
- # bash is an allowed entrypoint, while most binaries are not
- if args[0] != BASH_BINARY:
- args = [BASH_BINARY, "-c", "exec \"$@\"", args[0]] + args
+ if settings.selinux_enabled():
+ spawn_func = selinux.spawn_wrapper(spawn_func,
+ settings["PORTAGE_FETCH_T"])
- rval = portage.process.spawn(args,
- env=dict(settings.iteritems()), **kwargs)
+ # bash is an allowed entrypoint, while most binaries are not
+ if args[0] != BASH_BINARY:
+ args = [BASH_BINARY, "-c", "exec \"$@\"", args[0]] + args
- finally:
- if settings.selinux_enabled():
- selinux.setexec()
+ rval = spawn_func(args, env=dict(settings.iteritems()), **kwargs)
return rval
diff --git a/pym/portage/_selinux.py b/pym/portage/_selinux.py
index e3c35ec5d..e91eb110c 100644
--- a/pym/portage/_selinux.py
+++ b/pym/portage/_selinux.py
@@ -73,14 +73,18 @@ def setfscreate(ctx="\n"):
raise OSError(
"setfscreate: Failed setting fs create context \"%s\"." % ctx)
-def spawn(selinux_type, spawn_func, mycommand, opt_name=None, **keywords):
- selinux_type = portage._unicode_encode(selinux_type)
- con = settype(selinux_type)
- setexec(con)
- try:
- return spawn_func(mycommand, opt_name=opt_name, **keywords)
- finally:
- setexec()
+def spawn_wrapper(spawn_func, selinux_type):
+
+ def wrapper_func(*args, **kwargs):
+ selinux_type = portage._unicode_encode(selinux_type)
+ con = settype(selinux_type)
+ setexec(con)
+ try:
+ return spawn_func(*args, **kwargs)
+ finally:
+ setexec()
+
+ return wrapper_func
def symlink(target, link, reflnk):
target = portage._unicode_encode(target)