authorZac Medico <zmedico@gentoo.org>2009-06-21 22:01:50 +0000
committerZac Medico <zmedico@gentoo.org>2009-06-21 22:01:50 +0000
commitcb434991ee327850cfeae8fdfb64e7aafc32ab66 (patch)
tree92a42f927f00ed4e0c37e76d9af4cd779f4d6985 /pym/portage/cache
parent4eb69b2545cf9f061a9d7222e4cdc7c654694e7c (diff)
Tweak depcache permission handling so egencache can be run by a user who's
not in the portage group, allowing for better privilege isolation. svn path=/main/trunk/; revision=13660
Diffstat (limited to 'pym/portage/cache')
-rw-r--r--pym/portage/cache/fs_template.py23
-rw-r--r--pym/portage/cache/sqlite.py2
2 files changed, 17 insertions, 8 deletions
diff --git a/pym/portage/cache/fs_template.py b/pym/portage/cache/fs_template.py
index f3dc0ce44..ee8964e70 100644
--- a/pym/portage/cache/fs_template.py
+++ b/pym/portage/cache/fs_template.py
@@ -17,7 +17,7 @@ class FsBased(template.database):
gid=portage_gid
perms=0665"""
- for x,y in (("gid",portage_gid),("perms",0664)):
+ for x, y in (("gid", -1), ("perms", -1)):
if x in config:
setattr(self, "_"+x, config[x])
del config[x]
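Review bot: The docstring lines just above the loop still list `gid=portage_gid` and `perms=0665`, which read as the defaults, while the loop now defaults both keys to -1. The docstring should state the new defaults and their meaning, e.g. `gid=-1 (do not chown)` and `perms=-1 (do not chmod; mode follows the process umask)`. The same staleness applies to the _ensure_access docstring in the second hunk, which still promises the path is "properly chmod'd and chowned" even when both calls are skipped. The enclosing method starts outside this hunk.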
@@ -34,8 +34,10 @@ class FsBased(template.database):
"""returns true or false if it's able to ensure that path is properly chmod'd and chowned.
if mtime is specified, attempts to ensure that's correct also"""
try:
- os.chown(path, -1, self._gid)
- os.chmod(path, self._perms)
+ if self._gid != -1:
+ os.chown(path, -1, self._gid)
+ if self._perms != -1:
+ os.chmod(path, self._perms)
if mtime != -1:
mtime=long(mtime)
os.utime(path, (mtime, mtime))
@@ -55,12 +57,19 @@ class FsBased(template.database):
for dir in path.lstrip(os.path.sep).rstrip(os.path.sep).split(os.path.sep):
base = os.path.join(base,dir)
if not os.path.exists(base):
- um=os.umask(0)
+ if self._perms != -1:
+ um = os.umask(0)
try:
- os.mkdir(base, self._perms | 0111)
- os.chown(base, -1, self._gid)
+ perms = self._perms
+ if perms == -1:
+ perms = 0
+ perms |= 0755
+ os.mkdir(base, perms)
+ if self._gid != -1:
+ os.chown(base, -1, self._gid)
finally:
- os.umask(um)
+ if self._perms != -1:
+ os.umask(um)
def gen_label(base, label):
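Review bot: `perms |= 0755` forces read and search access for "other" onto every directory created here, even when a restrictive `perms` was configured; the old expression `self._perms | 0111` added only the search bits. As a constructed example, perms=0660 used to give a 0771 directory and now gives 0775, and because the umask is cleared in that branch the mode is applied exactly as computed. Consider using 0755 only as the fallback, `perms = 0755` when `self._perms == -1`, and `perms = self._perms | 0111` otherwise. The enclosing method starts outside this hunk.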
diff --git a/pym/portage/cache/sqlite.py b/pym/portage/cache/sqlite.py
index ea77391c7..5657617b3 100644
--- a/pym/portage/cache/sqlite.py
+++ b/pym/portage/cache/sqlite.py
@@ -62,7 +62,7 @@ class database(fs_template.FsBased):
database=self._dbpath, **connection_kwargs)
self._db_cursor = self._db_connection.cursor()
self._db_cursor.execute("PRAGMA encoding = %s" % self._db_escape_string("UTF-8"))
- if not apply_secpass_permissions(self._dbpath, gid=portage_gid, mode=070, mask=02):
+ if not self._ensure_access(self._dbpath):
raise cache_errors.InitializationError(self.__class__, "can't ensure perms on %s" % self._dbpath)
self._db_init_cache_size(config["cache_bytes"])
self._db_init_synchronous(config["synchronous"])
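Review bot: With gid and perms now defaulting to -1 in fs_template.py, `self._ensure_access(self._dbpath)` performs neither chown nor chmod, so by default this check no longer enforces anything about the database file's permissions. The removed call passed `mask=02`, which as I read apply_secpass_permissions cleared the other-write bit; that guarantee is gone, and the file mode now depends on the umask of whoever runs the tool. A cache database writable by other users is an integrity concern, since its metadata is trusted later. Either keep clearing the other-write bit explicitly or document the dependency with a comment such as `# gid/perms default to -1: file mode is left to the process umask`. The enclosing method starts outside this hunk.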