From b37379d42e58bd5628feeaa0f06390e4c697efad Mon Sep 17 00:00:00 2001
From: Zac Medico
Date: Tue, 22 May 2007 05:26:33 +0000
Subject: Use bash to spawn FETCHCOMMAND under selinux since most other binaries are forbidden as entrypoints into the fetch domain. Thanks to Justin Heesemann for reporting.
svn path=/main/trunk/; revision=6566
---
 pym/portage/__init__.py | 2 ++
 1 file changed, 2 insertions(+)
(limited to 'pym')
diff --git a/pym/portage/__init__.py b/pym/portage/__init__.py
index 664f0a7d7..171806f7a 100644
--- a/pym/portage/__init__.py
+++ b/pym/portage/__init__.py
@@ -2687,6 +2687,8 @@ def fetch(myuris, mysettings, listonly=0, fetchonly=0, locks_in_subdir=".locks",
 con = selinux.getcontext()
 con = con.replace(mysettings["PORTAGE_T"], mysettings["PORTAGE_FETCH_T"])
 selinux.setexec(con)
+ # bash is an allowed entrypoint, while most binaries are not
+ myfetch = ["bash", "-c", "exec \"$@\"", myfetch[0]] + myfetch
 myret = portage.process.spawn(myfetch, env=mysettings.environ(), **spawn_keywords)
--
cgit v1.2.3-1-g7c22
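Review bot: The added `myfetch = ["bash", "-c", ...]` line names the interpreter as a bare `bash`, so which binary runs right after `selinux.setexec(con)` presumably depends on a PATH lookup driven by `mysettings.environ()`. Since the point of the change is that bash is the labelled entrypoint into the fetch domain, I would pin it to an absolute path, e.g. `myfetch = ["/bin/bash", "-c", "exec \"$@\"", myfetch[0]] + myfetch` (or the project's own bash-path constant, if it has one). The comment could also say why the wrapper is safe: `# myfetch[0] only fills $0; the real argv arrives as "$@" and is exec'd without shell re-parsing`. The body of fetch() starts and ends outside this hunk, so whether the exec context is cleared again when the spawn fails cannot be checked from here.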