spawn_func = portage.process.spawn_sandbox
if sesandbox:
- con = selinux.getcontext()
- con = con.replace(mysettings["PORTAGE_T"],
- mysettings["PORTAGE_SANDBOX_T"])
+ con = selinux.settype(mysettings["PORTAGE_SANDBOX_T"])
selinux.setexec(con)
returnpid = keywords.get("returnpid")
if logfile:
os.close(slave_fd)
if sesandbox:
- selinux.setexec(None)
+ selinux.setexec()
if returnpid:
return mypids
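Review bot: No `finally:` is visible around the `selinux.setexec()` reset in this hunk, unlike the fetch path further down the page where the reset sits directly under one. If the spawn call between `selinux.setexec(con)` and this line can raise, the exec context would stay set to the sandbox type for whatever this process executes next. The enclosing function starts and ends outside the hunk, so this may already be covered; if it is not, moving the reset into a `try`/`finally` around the spawn would make the two call sites consistent.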
try:
if settings.selinux_enabled():
- con = selinux.getcontext()
- con = con.replace(settings["PORTAGE_T"], settings["PORTAGE_FETCH_T"])
+ con = selinux.settype(settings["PORTAGE_FETCH_T"])
selinux.setexec(con)
# bash is an allowed entrypoint, while most binaries are not
if args[0] != BASH_BINARY:
finally:
if settings.selinux_enabled():
- selinux.setexec(None)
+ selinux.setexec()
return rval
finally:
setfscreate()
+def settype(newtype):
+ ret = getcontext().split(":")
+ ret[2] = newtype
+ return ":".join(ret)
+
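Review bot: `settype` assigns `ret[2]` without checking that the context from `getcontext()` has at least three colon-separated fields, so a short or empty context surfaces as a bare IndexError instead of the OSError the neighbouring helpers raise. A guard before the assignment, e.g. `if len(ret) < 3: raise OSError("settype: unexpected context")`, would keep the failure mode uniform. Callers now get the type forced unconditionally, whereas the removed `con.replace(...)` calls left the context untouched when the current type was not `PORTAGE_T`. If that is intended, a one-line docstring should say so, and should note that every field other than the type (including anything after it) is passed through unchanged.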
def setexec(ctx="\n"):
+ if isinstance(ctx, unicode):
+ ctx = ctx.encode('utf_8', 'replace')
if selinux.setexeccon(ctx) < 0:
raise OSError("setexec: Failed setting exec() context \"%s\"." % ctx)
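Review bot: The `'replace'` handler in `ctx.encode('utf_8', 'replace')` silently substitutes anything that cannot be encoded, so the label passed to `setexeccon` can differ from the one the caller asked for. For a security context a strict `ctx.encode('utf_8')` that raises is the safer default, and the same applies to the identical lines added to `setfscreate`. `unicode` is a Python 2 builtin, so this check would raise NameError if the module is imported on Python 3; that may be handled elsewhere, but it is not visible here. A short docstring on the `"\n"` default would also help, since callers on this page now appear to rely on a bare `setexec()` to reset the exec context.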
def setfscreate(ctx="\n"):
+ if isinstance(ctx, unicode):
+ ctx = ctx.encode('utf_8', 'replace')
if selinux.setfscreatecon(ctx) < 0:
raise OSError(
"setfscreate: Failed setting fs create context \"%s\"." % ctx)
def spawn(selinux_type, spawn_func, mycommand, opt_name=None, **keywords):
- con = getcontext().split(":")
- con[2] = selinux_type
- setexec(":".join(con))
+ con = settype(selinux_type)
+ setexec(con)
try:
return spawn_func(mycommand, opt_name=opt_name, **keywords)
finally: