diff options
author | Zac Medico <zmedico@gentoo.org> | 2008-07-31 00:59:31 +0000 |
---|---|---|
committer | Zac Medico <zmedico@gentoo.org> | 2008-07-31 00:59:31 +0000 |
commit | fb8195e367cbe31922250e7505227dd9cb27d1b2 (patch) | |
tree | a2f25f0d9f5756743b2b65b77e64f5da99915b13 | |
parent | 0074417f686b1760a8ad34a18bffc01f16fbba7d (diff) | |
download | portage-fb8195e367cbe31922250e7505227dd9cb27d1b2.tar.gz portage-fb8195e367cbe31922250e7505227dd9cb27d1b2.tar.bz2 portage-fb8195e367cbe31922250e7505227dd9cb27d1b2.zip |
Split out a _spawn_fetch() function that will be useful for implementing a
userpriv testcase for bug #233303.
svn path=/main/trunk/; revision=11289
-rw-r--r-- | pym/portage/__init__.py | 78 |
1 files changed, 49 insertions, 29 deletions
diff --git a/pym/portage/__init__.py b/pym/portage/__init__.py index d489891ee..5dae685d6 100644 --- a/pym/portage/__init__.py +++ b/pym/portage/__init__.py @@ -3147,6 +3147,54 @@ def spawn(mystring, mysettings, debug=0, free=0, droppriv=0, sesandbox=0, fakero return retval >> 8 return retval +_userpriv_spawn_kwargs = ( + ("uid", portage_uid), + ("gid", portage_gid), + ("groups", userpriv_groups), + ("umask", 002), +) + +def _spawn_fetch(settings, args, **kwargs): + """ + Spawn a process with appropriate settings for fetching, including + userfetch and selinux support. + """ + + global _userpriv_spawn_kwargs + + # Redirect all output to stdout since some fetchers like + # wget pollute stderr (if portage detects a problem then it + # can send it's own message to stderr). + if "fd_pipes" not in kwargs: + + kwargs["fd_pipes"] = { + 0 : sys.stdin.fileno(), + 1 : sys.stdout.fileno(), + 2 : sys.stdout.fileno(), + } + + if "userfetch" in settings.features and \ + os.getuid() == 0 and portage_gid and portage_uid: + kwargs.update(_userpriv_spawn_kwargs) + + try: + + if settings.selinux_enabled(): + con = selinux.getcontext() + con = con.replace(settings["PORTAGE_T"], settings["PORTAGE_FETCH_T"]) + selinux.setexec(con) + # bash is an allowed entrypoint, while most binaries are not + args = [BASH_BINARY, "-c", "exec \"$@\"", args[0]] + args + + rval = portage.process.spawn(args, + env=dict(settings.iteritems()), **kwargs) + + finally: + if settings.selinux_enabled(): + selinux.setexec(None) + + return rval + def _checksum_failure_temp_file(distdir, basename): """ First try to find a duplicate temp file with the same checksum and return @@ -3820,38 +3868,10 @@ def fetch(myuris, mysettings, listonly=0, fetchonly=0, locks_in_subdir=".locks", lexer = shlex.shlex(StringIO.StringIO(locfetch), posix=True) lexer.whitespace_split = True myfetch = [varexpand(x, mydict=variables) for x in lexer] - - spawn_keywords = {} - # Redirect all output to stdout since some fetchers like - # wget pollute stderr (if portage detects a problem then it - # can send it's own message to stderr). - spawn_keywords["fd_pipes"] = { - 0:sys.stdin.fileno(), - 1:sys.stdout.fileno(), - 2:sys.stdout.fileno() - } - if "userfetch" in mysettings.features and \ - os.getuid() == 0 and portage_gid and portage_uid: - spawn_keywords.update({ - "uid" : portage_uid, - "gid" : portage_gid, - "groups" : userpriv_groups, - "umask" : 002}) myret = -1 try: - if mysettings.selinux_enabled(): - con = selinux.getcontext() - con = con.replace(mysettings["PORTAGE_T"], mysettings["PORTAGE_FETCH_T"]) - selinux.setexec(con) - # bash is an allowed entrypoint, while most binaries are not - myfetch = ["bash", "-c", "exec \"$@\"", myfetch[0]] + myfetch - - myret = portage.process.spawn(myfetch, - env=dict(mysettings.iteritems()), **spawn_keywords) - - if mysettings.selinux_enabled(): - selinux.setexec(None) + myret = _spawn_fetch(mysettings, myfetch) finally: try: |