Lines 115-123
|
115 |
|
115 |
|
116 |
|
116 |
|
117 |
try: |
117 |
try: |
118 |
import selinux |
118 |
import portage_selinux |
119 |
except OSError, e: |
119 |
except OSError, e: |
120 |
writemsg("!!! SELinux not loaded: %s\n" % str(e)) |
120 |
writemsg("!!! SELinux not loaded: %s\n" % str(e), noiselevel=-1) |
121 |
del e |
121 |
del e |
122 |
except ImportError: |
122 |
except ImportError: |
123 |
pass |
123 |
pass |
Lines 1791-1798
|
1791 |
if getattr(self, "_selinux_enabled", None) is None: |
1791 |
if getattr(self, "_selinux_enabled", None) is None: |
1792 |
self._selinux_enabled = 0 |
1792 |
self._selinux_enabled = 0 |
1793 |
if "selinux" in self["USE"].split(): |
1793 |
if "selinux" in self["USE"].split(): |
1794 |
if "selinux" in globals(): |
1794 |
if "portage_selinux" in globals(): |
1795 |
if hasattr(selinux, "enabled"): |
1795 |
if portage_selinux.is_selinux_enabled(): |
1796 |
self._selinux_enabled = selinux.enabled |
1796 |
self._selinux_enabled = selinux.enabled |
1797 |
else: |
1797 |
else: |
1798 |
self._selinux_enabled = 1 |
1798 |
self._selinux_enabled = 1 |
Lines 1801-1807
|
1801 |
self._selinux_enabled = 0 |
1801 |
self._selinux_enabled = 0 |
1802 |
if self._selinux_enabled == 0: |
1802 |
if self._selinux_enabled == 0: |
1803 |
try: |
1803 |
try: |
1804 |
del sys.modules["selinux"] |
1804 |
del sys.modules["portage_selinux"] |
1805 |
except KeyError: |
1805 |
except KeyError: |
1806 |
pass |
1806 |
pass |
1807 |
return self._selinux_enabled |
1807 |
return self._selinux_enabled |
Lines 1848-1859
|
1848 |
if sesandbox: |
1848 |
if sesandbox: |
1849 |
con = selinux.getcontext() |
1849 |
con = selinux.getcontext() |
1850 |
con = string.replace(con, mysettings["PORTAGE_T"], mysettings["PORTAGE_SANDBOX_T"]) |
1850 |
con = string.replace(con, mysettings["PORTAGE_T"], mysettings["PORTAGE_SANDBOX_T"]) |
1851 |
selinux.setexec(con) |
1851 |
portage_selinux.setexec(con) |
1852 |
|
1852 |
|
1853 |
retval = spawn_func(mystring, env=env, **keywords) |
1853 |
retval = spawn_func(mystring, env=env, **keywords) |
1854 |
|
1854 |
|
1855 |
if sesandbox: |
1855 |
if sesandbox: |
1856 |
selinux.setexec(None) |
1856 |
portage_selinux.setexec(None) |
1857 |
|
1857 |
|
1858 |
return retval |
1858 |
return retval |
1859 |
|
1859 |
|
Lines 2157-2171
|
2157 |
try: |
2157 |
try: |
2158 |
|
2158 |
|
2159 |
if mysettings.selinux_enabled(): |
2159 |
if mysettings.selinux_enabled(): |
2160 |
con = selinux.getcontext() |
2160 |
con = portage_selinux.getcontext() |
2161 |
con = string.replace(con, mysettings["PORTAGE_T"], mysettings["PORTAGE_FETCH_T"]) |
2161 |
con = string.replace(con, mysettings["PORTAGE_T"], mysettings["PORTAGE_FETCH_T"]) |
2162 |
selinux.setexec(con) |
2162 |
portage_selinux.setexec(con) |
2163 |
|
2163 |
|
2164 |
myret = portage_exec.spawn_bash(myfetch, |
2164 |
myret = portage_exec.spawn_bash(myfetch, |
2165 |
env=mysettings.environ(), **spawn_keywords) |
2165 |
env=mysettings.environ(), **spawn_keywords) |
2166 |
|
2166 |
|
2167 |
if mysettings.selinux_enabled(): |
2167 |
if mysettings.selinux_enabled(): |
2168 |
selinux.setexec(None) |
2168 |
portage_selinux.setexec(None) |
2169 |
|
2169 |
|
2170 |
finally: |
2170 |
finally: |
2171 |
#if root, -always- set the perms. |
2171 |
#if root, -always- set the perms. |
Lines 3009-3016
|
3009 |
if destexists and not stat.S_ISDIR(dstat[stat.ST_MODE]): |
3009 |
if destexists and not stat.S_ISDIR(dstat[stat.ST_MODE]): |
3010 |
os.unlink(dest) |
3010 |
os.unlink(dest) |
3011 |
if selinux_enabled: |
3011 |
if selinux_enabled: |
3012 |
sid = selinux.get_lsid(src) |
3012 |
sid = portage_selinux.get_lsid(src) |
3013 |
selinux.secure_symlink(target,dest,sid) |
3013 |
portage_selinux.secure_symlink(target, dest, sid) |
3014 |
else: |
3014 |
else: |
3015 |
os.symlink(target,dest) |
3015 |
os.symlink(target,dest) |
3016 |
lchown(dest,sstat[stat.ST_UID],sstat[stat.ST_GID]) |
3016 |
lchown(dest,sstat[stat.ST_UID],sstat[stat.ST_GID]) |
Lines 3034-3040
|
3034 |
if sstat[stat.ST_DEV]==dstat[stat.ST_DEV] or selinux_enabled: |
3034 |
if sstat[stat.ST_DEV]==dstat[stat.ST_DEV] or selinux_enabled: |
3035 |
try: |
3035 |
try: |
3036 |
if selinux_enabled: |
3036 |
if selinux_enabled: |
3037 |
ret=selinux.secure_rename(src,dest) |
3037 |
ret = portage_selinux.secure_rename(src, dest) |
3038 |
else: |
3038 |
else: |
3039 |
ret=os.rename(src,dest) |
3039 |
ret=os.rename(src,dest) |
3040 |
renamefailed=0 |
3040 |
renamefailed=0 |
Lines 3052-3059
|
3052 |
if stat.S_ISREG(sstat[stat.ST_MODE]): |
3052 |
if stat.S_ISREG(sstat[stat.ST_MODE]): |
3053 |
try: # For safety copy then move it over. |
3053 |
try: # For safety copy then move it over. |
3054 |
if selinux_enabled: |
3054 |
if selinux_enabled: |
3055 |
selinux.secure_copy(src,dest+"#new") |
3055 |
portage_selinux.secure_copy(src, dest+"#new") |
3056 |
selinux.secure_rename(dest+"#new",dest) |
3056 |
portage_selinux.secure_rename(dest+"#new", dest) |
3057 |
else: |
3057 |
else: |
3058 |
shutil.copyfile(src,dest+"#new") |
3058 |
shutil.copyfile(src,dest+"#new") |
3059 |
os.rename(dest+"#new",dest) |
3059 |
os.rename(dest+"#new",dest) |
Lines 6369-6376
|
6369 |
print "bak",mydest,mydest+".backup" |
6369 |
print "bak",mydest,mydest+".backup" |
6370 |
#now create our directory |
6370 |
#now create our directory |
6371 |
if self.settings.selinux_enabled(): |
6371 |
if self.settings.selinux_enabled(): |
6372 |
sid = selinux.get_sid(mysrc) |
6372 |
sid = portage_selinux.get_sid(mysrc) |
6373 |
selinux.secure_mkdir(mydest,sid) |
6373 |
portage_selinux.secure_mkdir(mydest, sid) |
6374 |
else: |
6374 |
else: |
6375 |
os.mkdir(mydest) |
6375 |
os.mkdir(mydest) |
6376 |
if bsd_chflags: |
6376 |
if bsd_chflags: |
Lines 6381-6388
|
6381 |
else: |
6381 |
else: |
6382 |
#destination doesn't exist |
6382 |
#destination doesn't exist |
6383 |
if self.settings.selinux_enabled(): |
6383 |
if self.settings.selinux_enabled(): |
6384 |
sid = selinux.get_sid(mysrc) |
6384 |
sid = portage_selinux.get_sid(mysrc) |
6385 |
selinux.secure_mkdir(mydest,sid) |
6385 |
portage_selinux.secure_mkdir(mydest, sid) |
6386 |
else: |
6386 |
else: |
6387 |
os.mkdir(mydest) |
6387 |
os.mkdir(mydest) |
6388 |
os.chmod(mydest,mystat[0]) |
6388 |
os.chmod(mydest,mystat[0]) |
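Review bot: Two references to the old module survive on the new side: line 1796 still assigns `selinux.enabled` and line 1849 still calls `selinux.getcontext()`, although line 118 now imports only `portage_selinux`. Unless `selinux` is bound elsewhere in the file, both raise NameError on exactly the paths that run when SELinux is in use, so the sandbox exec-context switch at 1849-1851 never happens. In the 1791-1798 section the `else:` at 1797 appears to pair with the new `portage_selinux.is_selinux_enabled()` test (indentation is lost in this view); if so, `_selinux_enabled` becomes 1 when the check reports SELinux off, which inverts the old `hasattr` fallback. I would write `self._selinux_enabled = 1` under the check and `self._selinux_enabled = 0` in the `else:`, and change 1849 to `con = portage_selinux.getcontext()` as line 2160 already does. The enclosing functions start and end outside the sections shown, so the pairing of the `else:` should be confirmed against the full file.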