Attachment #87431 for bug #122517




import selinux
from selinux import is_selinux_enabled
from selinux_aux import setexec, secure_symlink, secure_rename, \
	secure_copy, secure_mkdir

def getcontext():
	return selinux.getcon()[1]

def get_sid(filename):
	return selinux.getfilecon(filename)[1]

def get_lsid(filename):
	return selinux.lgetfilecon(filename)[1]






try:
	import portage_selinux
except OSError, e:
	writemsg("!!! SELinux not loaded: %s\n" % str(e), noiselevel=-1)
	del e
except ImportError:
	pass

		if getattr(self, "_selinux_enabled", None) is None:
			self._selinux_enabled = 0
			if "selinux" in self["USE"].split():
				if "portage_selinux" in globals():
					if portage_selinux.is_selinux_enabled():
						self._selinux_enabled = selinux.enabled
					else:
						self._selinux_enabled = 1

					self._selinux_enabled = 0
			if self._selinux_enabled == 0:
				try:	
					del sys.modules["portage_selinux"]
				except KeyError:
					pass
		return self._selinux_enabled

	if sesandbox:
		con = selinux.getcontext()
		con = string.replace(con, mysettings["PORTAGE_T"], mysettings["PORTAGE_SANDBOX_T"])
		portage_selinux.setexec(con)

	retval = spawn_func(mystring, env=env, **keywords)

	if sesandbox:
		portage_selinux.setexec(None)

	return retval


					try:

						if mysettings.selinux_enabled():
							con = portage_selinux.getcontext()
							con = string.replace(con, mysettings["PORTAGE_T"], mysettings["PORTAGE_FETCH_T"])
							portage_selinux.setexec(con)

						myret = portage_exec.spawn_bash(myfetch,
							env=mysettings.environ(), **spawn_keywords)

						if mysettings.selinux_enabled():
							portage_selinux.setexec(None)

					finally:
						#if root, -always- set the perms.

			if destexists and not stat.S_ISDIR(dstat[stat.ST_MODE]):
				os.unlink(dest)
			if selinux_enabled:
				sid = portage_selinux.get_lsid(src)
				portage_selinux.secure_symlink(target, dest, sid)
			else:
				os.symlink(target,dest)
			lchown(dest,sstat[stat.ST_UID],sstat[stat.ST_GID])

	if sstat[stat.ST_DEV]==dstat[stat.ST_DEV] or selinux_enabled:
		try:
			if selinux_enabled:
				ret = portage_selinux.secure_rename(src, dest)
			else:
				ret=os.rename(src,dest)
			renamefailed=0

		if stat.S_ISREG(sstat[stat.ST_MODE]):
			try: # For safety copy then move it over.
				if selinux_enabled:
					portage_selinux.secure_copy(src, dest+"#new")
					portage_selinux.secure_rename(dest+"#new", dest)
				else:
					shutil.copyfile(src,dest+"#new")
					os.rename(dest+"#new",dest)

						print "bak",mydest,mydest+".backup"
						#now create our directory
						if self.settings.selinux_enabled():
							sid = portage_selinux.get_sid(mysrc)
							portage_selinux.secure_mkdir(mydest, sid)
						else:
							os.mkdir(mydest)
						if bsd_chflags:

				else:
					#destination doesn't exist
					if self.settings.selinux_enabled():
						sid = portage_selinux.get_sid(mysrc)
						portage_selinux.secure_mkdir(mydest, sid)
					else:
						os.mkdir(mydest)
					os.chmod(mydest,mystat[0])

Return to bug 122517

Lines 115-123 Link Here

(-)pym/portage.py (-19 / +19 lines)
115		115
116		116
117	try:	117	try:
118	import selinux	118	import portage_selinux
119	except OSError, e:	119	except OSError, e:
120	writemsg("!!! SELinux not loaded: %s\n" % str(e))	120	writemsg("!!! SELinux not loaded: %s\n" % str(e), noiselevel=-1)
121	del e	121	del e
122	except ImportError:	122	except ImportError:
123	pass	123	pass
Lines 1791-1798 Link Here
1791	if getattr(self, "_selinux_enabled", None) is None:	1791	if getattr(self, "_selinux_enabled", None) is None:
1792	self._selinux_enabled = 0	1792	self._selinux_enabled = 0
1793	if "selinux" in self["USE"].split():	1793	if "selinux" in self["USE"].split():
1794	if "selinux" in globals():	1794	if "portage_selinux" in globals():
1795	if hasattr(selinux, "enabled"):	1795	if portage_selinux.is_selinux_enabled():
1796	self._selinux_enabled = selinux.enabled	1796	self._selinux_enabled = selinux.enabled
1797	else:	1797	else:
1798	self._selinux_enabled = 1	1798	self._selinux_enabled = 1
Lines 1801-1807 Link Here
1801	self._selinux_enabled = 0	1801	self._selinux_enabled = 0
1802	if self._selinux_enabled == 0:	1802	if self._selinux_enabled == 0:
1803	try:	1803	try:
1804	del sys.modules["selinux"]	1804	del sys.modules["portage_selinux"]
1805	except KeyError:	1805	except KeyError:
1806	pass	1806	pass
1807	return self._selinux_enabled	1807	return self._selinux_enabled
Lines 1848-1859 Link Here
1848	if sesandbox:	1848	if sesandbox:
1849	con = selinux.getcontext()	1849	con = selinux.getcontext()
1850	con = string.replace(con, mysettings["PORTAGE_T"], mysettings["PORTAGE_SANDBOX_T"])	1850	con = string.replace(con, mysettings["PORTAGE_T"], mysettings["PORTAGE_SANDBOX_T"])
1851	selinux.setexec(con)	1851	portage_selinux.setexec(con)
1852		1852
1853	retval = spawn_func(mystring, env=env, **keywords)	1853	retval = spawn_func(mystring, env=env, **keywords)
1854		1854
1855	if sesandbox:	1855	if sesandbox:
1856	selinux.setexec(None)	1856	portage_selinux.setexec(None)
1857		1857
1858	return retval	1858	return retval
1859		1859
Lines 2157-2171 Link Here
2157	try:	2157	try:
2158		2158
2159	if mysettings.selinux_enabled():	2159	if mysettings.selinux_enabled():
2160	con = selinux.getcontext()	2160	con = portage_selinux.getcontext()
2161	con = string.replace(con, mysettings["PORTAGE_T"], mysettings["PORTAGE_FETCH_T"])	2161	con = string.replace(con, mysettings["PORTAGE_T"], mysettings["PORTAGE_FETCH_T"])
2162	selinux.setexec(con)	2162	portage_selinux.setexec(con)
2163		2163
2164	myret = portage_exec.spawn_bash(myfetch,	2164	myret = portage_exec.spawn_bash(myfetch,
2165	env=mysettings.environ(), **spawn_keywords)	2165	env=mysettings.environ(), **spawn_keywords)
2166		2166
2167	if mysettings.selinux_enabled():	2167	if mysettings.selinux_enabled():
2168	selinux.setexec(None)	2168	portage_selinux.setexec(None)
2169		2169
2170	finally:	2170	finally:
2171	#if root, -always- set the perms.	2171	#if root, -always- set the perms.
Lines 3009-3016 Link Here
3009	if destexists and not stat.S_ISDIR(dstat[stat.ST_MODE]):	3009	if destexists and not stat.S_ISDIR(dstat[stat.ST_MODE]):
3010	os.unlink(dest)	3010	os.unlink(dest)
3011	if selinux_enabled:	3011	if selinux_enabled:
3012	sid = selinux.get_lsid(src)	3012	sid = portage_selinux.get_lsid(src)
3013	selinux.secure_symlink(target,dest,sid)	3013	portage_selinux.secure_symlink(target, dest, sid)
3014	else:	3014	else:
3015	os.symlink(target,dest)	3015	os.symlink(target,dest)
3016	lchown(dest,sstat[stat.ST_UID],sstat[stat.ST_GID])	3016	lchown(dest,sstat[stat.ST_UID],sstat[stat.ST_GID])
Lines 3034-3040 Link Here
3034	if sstat[stat.ST_DEV]==dstat[stat.ST_DEV] or selinux_enabled:	3034	if sstat[stat.ST_DEV]==dstat[stat.ST_DEV] or selinux_enabled:
3035	try:	3035	try:
3036	if selinux_enabled:	3036	if selinux_enabled:
3037	ret=selinux.secure_rename(src,dest)	3037	ret = portage_selinux.secure_rename(src, dest)
3038	else:	3038	else:
3039	ret=os.rename(src,dest)	3039	ret=os.rename(src,dest)
3040	renamefailed=0	3040	renamefailed=0
Lines 3052-3059 Link Here
3052	if stat.S_ISREG(sstat[stat.ST_MODE]):	3052	if stat.S_ISREG(sstat[stat.ST_MODE]):
3053	try: # For safety copy then move it over.	3053	try: # For safety copy then move it over.
3054	if selinux_enabled:	3054	if selinux_enabled:
3055	selinux.secure_copy(src,dest+"#new")	3055	portage_selinux.secure_copy(src, dest+"#new")
3056	selinux.secure_rename(dest+"#new",dest)	3056	portage_selinux.secure_rename(dest+"#new", dest)
3057	else:	3057	else:
3058	shutil.copyfile(src,dest+"#new")	3058	shutil.copyfile(src,dest+"#new")
3059	os.rename(dest+"#new",dest)	3059	os.rename(dest+"#new",dest)
Lines 6369-6376 Link Here
6369	print "bak",mydest,mydest+".backup"	6369	print "bak",mydest,mydest+".backup"
6370	#now create our directory	6370	#now create our directory
6371	if self.settings.selinux_enabled():	6371	if self.settings.selinux_enabled():
6372	sid = selinux.get_sid(mysrc)	6372	sid = portage_selinux.get_sid(mysrc)
6373	selinux.secure_mkdir(mydest,sid)	6373	portage_selinux.secure_mkdir(mydest, sid)
6374	else:	6374	else:
6375	os.mkdir(mydest)	6375	os.mkdir(mydest)
6376	if bsd_chflags:	6376	if bsd_chflags:
Lines 6381-6388 Link Here
6381	else:	6381	else:
6382	#destination doesn't exist	6382	#destination doesn't exist
6383	if self.settings.selinux_enabled():	6383	if self.settings.selinux_enabled():
6384	sid = selinux.get_sid(mysrc)	6384	sid = portage_selinux.get_sid(mysrc)
6385	selinux.secure_mkdir(mydest,sid)	6385	portage_selinux.secure_mkdir(mydest, sid)
6386	else:	6386	else:
6387	os.mkdir(mydest)	6387	os.mkdir(mydest)
6388	os.chmod(mydest,mystat[0])	6388	os.chmod(mydest,mystat[0])

Added Link Here

(-) (+13 lines)
1	import selinux
2	from selinux import is_selinux_enabled
3	from selinux_aux import setexec, secure_symlink, secure_rename, \
4	secure_copy, secure_mkdir
5
6	def getcontext():
7	return selinux.getcon()[1]
8
9	def get_sid(filename):
10	return selinux.getfilecon(filename)[1]
11
12	def get_lsid(filename):
13	return selinux.lgetfilecon(filename)[1]