summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorZac Medico <zmedico@gentoo.org>2008-07-31 00:59:31 +0000
committerZac Medico <zmedico@gentoo.org>2008-07-31 00:59:31 +0000
commitfb8195e367cbe31922250e7505227dd9cb27d1b2 (patch)
treea2f25f0d9f5756743b2b65b77e64f5da99915b13
parent0074417f686b1760a8ad34a18bffc01f16fbba7d (diff)
downloadportage-fb8195e367cbe31922250e7505227dd9cb27d1b2.tar.gz
portage-fb8195e367cbe31922250e7505227dd9cb27d1b2.tar.bz2
portage-fb8195e367cbe31922250e7505227dd9cb27d1b2.zip
Split out a _spawn_fetch() function that will be useful for implementing a
userpriv testcase for bug #233303. svn path=/main/trunk/; revision=11289
-rw-r--r--pym/portage/__init__.py78
1 files changed, 49 insertions, 29 deletions
diff --git a/pym/portage/__init__.py b/pym/portage/__init__.py
index d489891ee..5dae685d6 100644
--- a/pym/portage/__init__.py
+++ b/pym/portage/__init__.py
@@ -3147,6 +3147,54 @@ def spawn(mystring, mysettings, debug=0, free=0, droppriv=0, sesandbox=0, fakero
return retval >> 8
return retval
+_userpriv_spawn_kwargs = (
+ ("uid", portage_uid),
+ ("gid", portage_gid),
+ ("groups", userpriv_groups),
+ ("umask", 002),
+)
+
+def _spawn_fetch(settings, args, **kwargs):
+ """
+ Spawn a process with appropriate settings for fetching, including
+ userfetch and selinux support.
+ """
+
+ global _userpriv_spawn_kwargs
+
+ # Redirect all output to stdout since some fetchers like
+ # wget pollute stderr (if portage detects a problem then it
+ # can send it's own message to stderr).
+ if "fd_pipes" not in kwargs:
+
+ kwargs["fd_pipes"] = {
+ 0 : sys.stdin.fileno(),
+ 1 : sys.stdout.fileno(),
+ 2 : sys.stdout.fileno(),
+ }
+
+ if "userfetch" in settings.features and \
+ os.getuid() == 0 and portage_gid and portage_uid:
+ kwargs.update(_userpriv_spawn_kwargs)
+
+ try:
+
+ if settings.selinux_enabled():
+ con = selinux.getcontext()
+ con = con.replace(settings["PORTAGE_T"], settings["PORTAGE_FETCH_T"])
+ selinux.setexec(con)
+ # bash is an allowed entrypoint, while most binaries are not
+ args = [BASH_BINARY, "-c", "exec \"$@\"", args[0]] + args
+
+ rval = portage.process.spawn(args,
+ env=dict(settings.iteritems()), **kwargs)
+
+ finally:
+ if settings.selinux_enabled():
+ selinux.setexec(None)
+
+ return rval
+
def _checksum_failure_temp_file(distdir, basename):
"""
First try to find a duplicate temp file with the same checksum and return
@@ -3820,38 +3868,10 @@ def fetch(myuris, mysettings, listonly=0, fetchonly=0, locks_in_subdir=".locks",
lexer = shlex.shlex(StringIO.StringIO(locfetch), posix=True)
lexer.whitespace_split = True
myfetch = [varexpand(x, mydict=variables) for x in lexer]
-
- spawn_keywords = {}
- # Redirect all output to stdout since some fetchers like
- # wget pollute stderr (if portage detects a problem then it
- # can send it's own message to stderr).
- spawn_keywords["fd_pipes"] = {
- 0:sys.stdin.fileno(),
- 1:sys.stdout.fileno(),
- 2:sys.stdout.fileno()
- }
- if "userfetch" in mysettings.features and \
- os.getuid() == 0 and portage_gid and portage_uid:
- spawn_keywords.update({
- "uid" : portage_uid,
- "gid" : portage_gid,
- "groups" : userpriv_groups,
- "umask" : 002})
myret = -1
try:
- if mysettings.selinux_enabled():
- con = selinux.getcontext()
- con = con.replace(mysettings["PORTAGE_T"], mysettings["PORTAGE_FETCH_T"])
- selinux.setexec(con)
- # bash is an allowed entrypoint, while most binaries are not
- myfetch = ["bash", "-c", "exec \"$@\"", myfetch[0]] + myfetch
-
- myret = portage.process.spawn(myfetch,
- env=dict(mysettings.iteritems()), **spawn_keywords)
-
- if mysettings.selinux_enabled():
- selinux.setexec(None)
+ myret = _spawn_fetch(mysettings, myfetch)
finally:
try: