diff options
-rw-r--r-- | pym/portage/__init__.py | 26 | ||||
-rw-r--r-- | pym/portage/_selinux.py | 20 |
2 files changed, 22 insertions, 24 deletions
diff --git a/pym/portage/__init__.py b/pym/portage/__init__.py index 94e38e4fb..46cfb9190 100644 --- a/pym/portage/__init__.py +++ b/pym/portage/__init__.py @@ -3870,8 +3870,8 @@ def spawn(mystring, mysettings, debug=0, free=0, droppriv=0, sesandbox=0, fakero spawn_func = portage.process.spawn_sandbox if sesandbox: - con = selinux.settype(mysettings["PORTAGE_SANDBOX_T"]) - selinux.setexec(con) + spawn_func = selinux.spawn_wrapper(spawn_func, + mysettings["PORTAGE_SANDBOX_T"]) returnpid = keywords.get("returnpid") keywords["returnpid"] = True @@ -3880,8 +3880,6 @@ def spawn(mystring, mysettings, debug=0, free=0, droppriv=0, sesandbox=0, fakero finally: if logfile: os.close(slave_fd) - if sesandbox: - selinux.setexec() if returnpid: return mypids @@ -3956,21 +3954,17 @@ def _spawn_fetch(settings, args, **kwargs): os.getuid() == 0 and portage_gid and portage_uid: kwargs.update(_userpriv_spawn_kwargs) - try: + spawn_func = portage.process.spawn - if settings.selinux_enabled(): - con = selinux.settype(settings["PORTAGE_FETCH_T"]) - selinux.setexec(con) - # bash is an allowed entrypoint, while most binaries are not - if args[0] != BASH_BINARY: - args = [BASH_BINARY, "-c", "exec \"$@\"", args[0]] + args + if settings.selinux_enabled(): + spawn_func = selinux.spawn_wrapper(spawn_func, + settings["PORTAGE_FETCH_T"]) - rval = portage.process.spawn(args, - env=dict(settings.iteritems()), **kwargs) + # bash is an allowed entrypoint, while most binaries are not + if args[0] != BASH_BINARY: + args = [BASH_BINARY, "-c", "exec \"$@\"", args[0]] + args - finally: - if settings.selinux_enabled(): - selinux.setexec() + rval = spawn_func(args, env=dict(settings.iteritems()), **kwargs) return rval diff --git a/pym/portage/_selinux.py b/pym/portage/_selinux.py index e3c35ec5d..e91eb110c 100644 --- a/pym/portage/_selinux.py +++ b/pym/portage/_selinux.py @@ -73,14 +73,18 @@ def setfscreate(ctx="\n"): raise OSError( "setfscreate: Failed setting fs create context \"%s\"." % ctx) -def spawn(selinux_type, spawn_func, mycommand, opt_name=None, **keywords): - selinux_type = portage._unicode_encode(selinux_type) - con = settype(selinux_type) - setexec(con) - try: - return spawn_func(mycommand, opt_name=opt_name, **keywords) - finally: - setexec() +def spawn_wrapper(spawn_func, selinux_type): + + def wrapper_func(*args, **kwargs): + selinux_type = portage._unicode_encode(selinux_type) + con = settype(selinux_type) + setexec(con) + try: + return spawn_func(*args, **kwargs) + finally: + setexec() + + return wrapper_func def symlink(target, link, reflnk): target = portage._unicode_encode(target) |