Replace the selinux.spawn() function with a spawn_wrapper() function and

use it inside portage._spawn_fetch() and portage.spawn().

svn path=/main/trunk/; revision=14022

diff --git a/pym/portage/__init__.py b/pym/portage/__init__.py
index 94e38e4fbcd44f553d549c986f67f81faa1a1231..46cfb9190b795688717ea56fb736ab910ca647ad 100644 (file)
--- a/pym/portage/__init__.py
+++ b/pym/portage/__init__.py
@@ -3870,8 +3870,8 @@ def spawn(mystring, mysettings, debug=0, free=0, droppriv=0, sesandbox=0, fakero
                spawn_func = portage.process.spawn_sandbox
 
        if sesandbox:
-               con = selinux.settype(mysettings["PORTAGE_SANDBOX_T"])
-               selinux.setexec(con)
+               spawn_func = selinux.spawn_wrapper(spawn_func,
+                       mysettings["PORTAGE_SANDBOX_T"])
 
        returnpid = keywords.get("returnpid")
        keywords["returnpid"] = True
@@ -3880,8 +3880,6 @@ def spawn(mystring, mysettings, debug=0, free=0, droppriv=0, sesandbox=0, fakero
        finally:
                if logfile:
                        os.close(slave_fd)
-               if sesandbox:
-                       selinux.setexec()
 
        if returnpid:
                return mypids
@@ -3956,21 +3954,17 @@ def _spawn_fetch(settings, args, **kwargs):
                os.getuid() == 0 and portage_gid and portage_uid:
                kwargs.update(_userpriv_spawn_kwargs)
 
-       try:
+       spawn_func = portage.process.spawn
 
-               if settings.selinux_enabled():
-                       con = selinux.settype(settings["PORTAGE_FETCH_T"])
-                       selinux.setexec(con)
-                       # bash is an allowed entrypoint, while most binaries are not
-                       if args[0] != BASH_BINARY:
-                               args = [BASH_BINARY, "-c", "exec \"$@\"", args[0]] + args
+       if settings.selinux_enabled():
+               spawn_func = selinux.spawn_wrapper(spawn_func,
+                       settings["PORTAGE_FETCH_T"])
 
-               rval = portage.process.spawn(args,
-                       env=dict(settings.iteritems()), **kwargs)
+               # bash is an allowed entrypoint, while most binaries are not
+               if args[0] != BASH_BINARY:
+                       args = [BASH_BINARY, "-c", "exec \"$@\"", args[0]] + args
 
-       finally:
-               if settings.selinux_enabled():
-                       selinux.setexec()
+       rval = spawn_func(args, env=dict(settings.iteritems()), **kwargs)
 
        return rval
 

diff --git a/pym/portage/_selinux.py b/pym/portage/_selinux.py
index e3c35ec5d3185d99b03306fe4d4d6cfb5fd07cfe..e91eb110cddeb45b2834cff78dae9ec2d3060bad 100644 (file)
--- a/pym/portage/_selinux.py
+++ b/pym/portage/_selinux.py
@@ -73,14 +73,18 @@ def setfscreate(ctx="\n"):
                raise OSError(
                        "setfscreate: Failed setting fs create context \"%s\"." % ctx)
 
-def spawn(selinux_type, spawn_func, mycommand, opt_name=None, **keywords):
-       selinux_type = portage._unicode_encode(selinux_type)
-       con = settype(selinux_type)
-       setexec(con)
-       try:
-               return spawn_func(mycommand, opt_name=opt_name, **keywords)
-       finally:
-               setexec()
+def spawn_wrapper(spawn_func, selinux_type):
+
+       def wrapper_func(*args, **kwargs):
+               selinux_type = portage._unicode_encode(selinux_type)
+               con = settype(selinux_type)
+               setexec(con)
+               try:
+                       return spawn_func(*args, **kwargs)
+               finally:
+                       setexec()
+
+       return wrapper_func
 
 def symlink(target, link, reflnk):
        target = portage._unicode_encode(target)