From 262d3d812babb46bed6cc3b4b14171526151f231 Mon Sep 17 00:00:00 2001
From: Zac Medico <zmedico@gentoo.org>
Date: Tue, 22 May 2007 13:20:54 +0000
Subject: Use bash to spawn FETCHCOMMAND under selinux since most other
 binaries are forbidden as entrypoints into the fetch domain. Thanks to Justin
 Heesemann <jh@ionium.org> for reporting. (trunk r6565:6566)

svn path=/main/branches/2.1.2/; revision=6577
---
 pym/portage.py | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'pym')

diff --git a/pym/portage.py b/pym/portage.py
index 0abaf3126..8df84d5b5 100644
--- a/pym/portage.py
+++ b/pym/portage.py
@@ -2595,6 +2595,8 @@ def fetch(myuris, mysettings, listonly=0, fetchonly=0, locks_in_subdir=".locks",
 							con = selinux.getcontext()
 							con = con.replace(mysettings["PORTAGE_T"], mysettings["PORTAGE_FETCH_T"])
 							selinux.setexec(con)
+							# bash is an allowed entrypoint, while most binaries are not
+							myfetch = ["bash", "-c", "exec \"$@\"", myfetch[0]] + myfetch
 
 						myret = portage_exec.spawn(myfetch,
 							env=mysettings.environ(), **spawn_keywords)
-- 
cgit v1.2.3-1-g7c22