From: Zac Medico Date: Thu, 21 Jul 2011 16:56:33 +0000 (-0700) Subject: BinpkgFetcher: support selinux PORTAGE_FETCH_T X-Git-Tag: v2.2.0_alpha47~9 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=1fbff8957c6de3654f7901e2ed4a075b972d06dc;p=portage.git BinpkgFetcher: support selinux PORTAGE_FETCH_T Thanks to Sven Vermeulen for the initial patch posted on bug #375835. --- diff --git a/pym/_emerge/BinpkgFetcher.py b/pym/_emerge/BinpkgFetcher.py index 6c1dde93e..baea4d6d7 100644 --- a/pym/_emerge/BinpkgFetcher.py +++ b/pym/_emerge/BinpkgFetcher.py @@ -100,6 +100,8 @@ class BinpkgFetcher(SpawnProcess): self.args = fetch_args self.env = fetch_env + if settings.selinux_enabled(): + self._selinux_type = settings["PORTAGE_FETCH_T"] SpawnProcess._start(self) def _pipe(self, fd_pipes): diff --git a/pym/_emerge/SpawnProcess.py b/pym/_emerge/SpawnProcess.py index bc861e9c5..b72971c87 100644 --- a/pym/_emerge/SpawnProcess.py +++ b/pym/_emerge/SpawnProcess.py @@ -8,6 +8,7 @@ import portage from portage import _encodings from portage import _unicode_encode from portage import os +from portage.const import BASH_BINARY import fcntl import errno import gzip @@ -25,7 +26,7 @@ class SpawnProcess(SubProcess): "path_lookup", "pre_exec") __slots__ = ("args",) + \ - _spawn_kwarg_names + _spawn_kwarg_names + ("_selinux_type",) _file_names = ("log", "process", "stdout") _files_dict = slot_dict_class(_file_names, prefix="") @@ -146,7 +147,16 @@ class SpawnProcess(SubProcess): return os.pipe() def _spawn(self, args, **kwargs): - return portage.process.spawn(args, **kwargs) + spawn_func = portage.process.spawn + + if self._selinux_type is not None: + spawn_func = portage.selinux.spawn_wrapper(spawn_func, + self._selinux_type) + # bash is an allowed entrypoint, while most binaries are not + if args[0] != BASH_BINARY: + args = [BASH_BINARY, "-c", "exec \"$@\"", args[0]] + args + + return spawn_func(args, **kwargs) def _output_handler(self, fd, event):