=== added file 'pym/portage_selinux.py' --- /dev/null +++ pym/portage_selinux.py @@ -0,0 +1,13 @@ +import selinux +from selinux import is_selinux_enabled +from selinux_aux import getcon, setexec, secure_symlink, secure_rename, \ + secure_copy, secure_mkdir + +def getcontext(): + return selinux.getcon()[1] + +def get_sid(filename): + return selinux.getfilecon(filename)[1] + +def get_lsid(filename): + return selinux.lgetfilecon(filename)[1] === modified file 'pym/portage.py' --- pym/portage.py +++ pym/portage.py @@ -115,9 +115,9 @@ try: - import selinux + import portage_selinux except OSError, e: - writemsg("!!! SELinux not loaded: %s\n" % str(e)) + writemsg("!!! SELinux not loaded: %s\n" % str(e), noiselevel=-1) del e except ImportError: pass @@ -1791,8 +1791,8 @@ if getattr(self, "_selinux_enabled", None) is None: self._selinux_enabled = 0 if "selinux" in self["USE"].split(): - if "selinux" in globals(): - if hasattr(selinux, "enabled"): + if "portage_selinux" in globals(): + if portage_selinux.is_selinux_enabled(): self._selinux_enabled = selinux.enabled else: self._selinux_enabled = 1 @@ -1801,7 +1801,7 @@ self._selinux_enabled = 0 if self._selinux_enabled == 0: try: - del sys.modules["selinux"] + del sys.modules["portage_selinux"] except KeyError: pass return self._selinux_enabled @@ -1848,12 +1848,12 @@ if sesandbox: con = selinux.getcontext() con = string.replace(con, mysettings["PORTAGE_T"], mysettings["PORTAGE_SANDBOX_T"]) - selinux.setexec(con) + portage_selinux.setexec(con) retval = spawn_func(mystring, env=env, **keywords) if sesandbox: - selinux.setexec(None) + portage_selinux.setexec(None) return retval 
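Review bot: In the new pym/portage_selinux.py, `getcontext()`, `get_sid()` and `get_lsid()` return element `[1]` of the binding's result and never look at element `[0]`. If the installed bindings report failure through that first element rather than by raising (not visible here), a failed lookup would hand a None or empty context to `secure_symlink`/`secure_mkdir`, and the file could be labelled wrongly. Consider unpacking and checking, e.g. `rc, ctx = selinux.getfilecon(filename)` followed by `if rc < 0: raise OSError("getfilecon failed: %s" % filename)`, in all three helpers. The `getcon` name imported from `selinux_aux` is not used by this module (`getcontext()` calls `selinux.getcon()`), so either drop it or add a comment that it is re-exported on purpose. Each helper would also benefit from a one-line docstring stating that it returns the context string.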
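Review bot: In the @@ -1791 hunk the unchanged line `self._selinux_enabled = selinux.enabled` still reads the name `selinux`, which this commit stops importing into portage.py (the import hunk now binds only `portage_selinux`). Unless `selinux` is bound elsewhere in the file, this branch raises NameError exactly when `is_selinux_enabled()` is true. The `else:` that follows appears to pair with the new `is_selinux_enabled()` test and sets `_selinux_enabled = 1`, which would switch the SELinux code paths on when the kernel reports SELinux as disabled. Suggested: `self._selinux_enabled = 1` in the true branch and `self._selinux_enabled = 0` in the else. The function starts and ends outside this hunk.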
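Review bot: In the @@ -1848 hunk the context line `con = selinux.getcontext()` was left on the old module name while the two `setexec` calls next to it were moved to `portage_selinux`. With `selinux` no longer imported by this file (as far as the diff shows), the sesandbox path fails with NameError before the sandbox context is ever set. It should read `con = portage_selinux.getcontext()`, as the fetch hunk at @@ -2157 already does. The enclosing function starts outside this hunk.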
@@ -2157,15 +2157,15 @@ try: if mysettings.selinux_enabled(): - con = selinux.getcontext() + con = portage_selinux.getcontext() con = string.replace(con, mysettings["PORTAGE_T"], mysettings["PORTAGE_FETCH_T"]) - selinux.setexec(con) + portage_selinux.setexec(con) myret = portage_exec.spawn_bash(myfetch, env=mysettings.environ(), **spawn_keywords) if mysettings.selinux_enabled(): - selinux.setexec(None) + portage_selinux.setexec(None) finally: #if root, -always- set the perms. @@ -3009,8 +3009,8 @@ if destexists and not stat.S_ISDIR(dstat[stat.ST_MODE]): os.unlink(dest) if selinux_enabled: - sid = selinux.get_lsid(src) - selinux.secure_symlink(target,dest,sid) + sid = portage_selinux.get_lsid(src) + portage_selinux.secure_symlink(target, dest, sid) else: os.symlink(target,dest) lchown(dest,sstat[stat.ST_UID],sstat[stat.ST_GID]) @@ -3034,7 +3034,7 @@ if sstat[stat.ST_DEV]==dstat[stat.ST_DEV] or selinux_enabled: try: if selinux_enabled: - ret=selinux.secure_rename(src,dest) + ret = portage_selinux.secure_rename(src, dest) else: ret=os.rename(src,dest) renamefailed=0 @@ -3052,8 +3052,8 @@ if stat.S_ISREG(sstat[stat.ST_MODE]): try: # For safety copy then move it over. if selinux_enabled: - selinux.secure_copy(src,dest+"#new") - selinux.secure_rename(dest+"#new",dest) + portage_selinux.secure_copy(src, dest+"#new") + portage_selinux.secure_rename(dest+"#new", dest) else: shutil.copyfile(src,dest+"#new") os.rename(dest+"#new",dest) @@ -6369,8 +6369,8 @@ print "bak",mydest,mydest+".backup" #now create our directory if self.settings.selinux_enabled(): - sid = selinux.get_sid(mysrc) - selinux.secure_mkdir(mydest,sid) + sid = portage_selinux.get_sid(mysrc) + portage_selinux.secure_mkdir(mydest, sid) else: os.mkdir(mydest) if bsd_chflags: 
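Review bot: In the @@ -2157 hunk the reset `portage_selinux.setexec(None)` sits in the `try` body, not in the `finally:` that follows. If `portage_exec.spawn_bash` raises, the process keeps the PORTAGE_FETCH_T exec context, and any later spawn would run under the fetch domain instead of the default one. Move the reset into the `finally:` block, e.g. `if mysettings.selinux_enabled(): portage_selinux.setexec(None)` as its first statement. The spawn in the @@ -1848 hunk has the same shape with no `try` at all, so its `setexec(None)` is skipped if `spawn_func` raises. The `finally:` body continues outside this hunk.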
@@ -6381,8 +6381,8 @@ else: #destination doesn't exist if self.settings.selinux_enabled(): - sid = selinux.get_sid(mysrc) - selinux.secure_mkdir(mydest,sid) + sid = portage_selinux.get_sid(mysrc) + portage_selinux.secure_mkdir(mydest, sid) else: os.mkdir(mydest) os.chmod(mydest,mystat[0])