diff options
| author | Zac Medico <zmedico@gentoo.org> | 2009-08-10 17:33:00 +0000 |
|---|---|---|
| committer | Zac Medico <zmedico@gentoo.org> | 2009-08-10 17:33:00 +0000 |
| commit | ca9a0441e4bf226755aa29c3dc3a0d4867d32d89 (patch) | |
| tree | 48bba2e8930b8364c2d99ce5b071fcd96577cca9 /pym | |
| parent | 8e625c41a5417f697d67d8fe1c70b6b05435ab42 (diff) | |
| download | portage-ca9a0441e4bf226755aa29c3dc3a0d4867d32d89.tar.gz portage-ca9a0441e4bf226755aa29c3dc3a0d4867d32d89.tar.bz2 portage-ca9a0441e4bf226755aa29c3dc3a0d4867d32d89.zip | |
Bug #280998 - Misc selinux fixes. Thanks to Chris PeBenito
<pebenito@gentoo.org> for this patch.
svn path=/main/trunk/; revision=13977
Diffstat (limited to 'pym')
| -rw-r--r-- | pym/portage/__init__.py | 11 | ||||
| -rw-r--r-- | pym/portage/_selinux.py | 14 |
2 files changed, 15 insertions, 10 deletions
diff --git a/pym/portage/__init__.py b/pym/portage/__init__.py index d9fe686c1..b26e8bd9c 100644 --- a/pym/portage/__init__.py +++ b/pym/portage/__init__.py @@ -3483,9 +3483,7 @@ def spawn(mystring, mysettings, debug=0, free=0, droppriv=0, sesandbox=0, fakero spawn_func = portage.process.spawn_sandbox if sesandbox: - con = selinux.getcontext() - con = con.replace(mysettings["PORTAGE_T"], - mysettings["PORTAGE_SANDBOX_T"]) + con = selinux.settype(mysettings["PORTAGE_SANDBOX_T"]) selinux.setexec(con) returnpid = keywords.get("returnpid") @@ -3496,7 +3494,7 @@ def spawn(mystring, mysettings, debug=0, free=0, droppriv=0, sesandbox=0, fakero if logfile: os.close(slave_fd) if sesandbox: - selinux.setexec(None) + selinux.setexec() if returnpid: return mypids @@ -3574,8 +3572,7 @@ def _spawn_fetch(settings, args, **kwargs): try: if settings.selinux_enabled(): - con = selinux.getcontext() - con = con.replace(settings["PORTAGE_T"], settings["PORTAGE_FETCH_T"]) + con = selinux.settype(settings["PORTAGE_FETCH_T"]) selinux.setexec(con) # bash is an allowed entrypoint, while most binaries are not if args[0] != BASH_BINARY: @@ -3586,7 +3583,7 @@ def _spawn_fetch(settings, args, **kwargs): finally: if settings.selinux_enabled(): - selinux.setexec(None) + selinux.setexec() return rval diff --git a/pym/portage/_selinux.py b/pym/portage/_selinux.py index 2a50f7434..1b5f530ce 100644 --- a/pym/portage/_selinux.py +++ b/pym/portage/_selinux.py @@ -61,19 +61,27 @@ def rename(src, dest): finally: setfscreate() +def settype(newtype): + ret = getcontext().split(":") + ret[2] = newtype + return ":".join(ret) + def setexec(ctx="\n"): + if isinstance(ctx, unicode): + ctx = ctx.encode('utf_8', 'replace') if selinux.setexeccon(ctx) < 0: raise OSError("setexec: Failed setting exec() context \"%s\"." % ctx) def setfscreate(ctx="\n"): + if isinstance(ctx, unicode): + ctx = ctx.encode('utf_8', 'replace') if selinux.setfscreatecon(ctx) < 0: raise OSError( "setfscreate: Failed setting fs create context \"%s\"." % ctx) def spawn(selinux_type, spawn_func, mycommand, opt_name=None, **keywords): - con = getcontext().split(":") - con[2] = selinux_type - setexec(":".join(con)) + con = settype(selinux_type) + setexec(con) try: return spawn_func(mycommand, opt_name=opt_name, **keywords) finally: |