Lines 34-40
Link Here
|
34 |
unmerge, _encodings, _parse_eapi_ebuild_head, _os_merge, \ |
34 |
unmerge, _encodings, _parse_eapi_ebuild_head, _os_merge, \ |
35 |
_shell_quote, _split_ebuild_name_glep55, _unicode_decode, _unicode_encode |
35 |
_shell_quote, _split_ebuild_name_glep55, _unicode_decode, _unicode_encode |
36 |
from portage.const import EBUILD_SH_ENV_FILE, EBUILD_SH_BINARY, \ |
36 |
from portage.const import EBUILD_SH_ENV_FILE, EBUILD_SH_BINARY, \ |
37 |
INVALID_ENV_FILE, MISC_SH_BINARY, EPREFIX, EPREFIX_LSTRIP |
37 |
INVALID_ENV_FILE, MISC_SH_BINARY, EPREFIX, EPREFIX_LSTRIP, \ |
|
|
38 |
MACOSSANDBOX_PROFILE |
38 |
from portage.data import portage_gid, portage_uid, secpass, \ |
39 |
from portage.data import portage_gid, portage_uid, secpass, \ |
39 |
uid, userpriv_groups |
40 |
uid, userpriv_groups |
40 |
from portage.dbapi.virtual import fakedbapi |
41 |
from portage.dbapi.virtual import fakedbapi |
Lines 915-931
Link Here
|
915 |
restrict = mysettings["PORTAGE_RESTRICT"].split() |
916 |
restrict = mysettings["PORTAGE_RESTRICT"].split() |
916 |
nosandbox = (("userpriv" in features) and \ |
917 |
nosandbox = (("userpriv" in features) and \ |
917 |
("usersandbox" not in features) and \ |
918 |
("usersandbox" not in features) and \ |
|
|
919 |
("macosusersandbox" not in features) and \ |
918 |
"userpriv" not in restrict and \ |
920 |
"userpriv" not in restrict and \ |
919 |
"nouserpriv" not in restrict) |
921 |
"nouserpriv" not in restrict) |
920 |
if nosandbox and ("userpriv" not in features or \ |
922 |
if nosandbox and ("userpriv" not in features or \ |
921 |
"userpriv" in restrict or \ |
923 |
"userpriv" in restrict or \ |
922 |
"nouserpriv" in restrict): |
924 |
"nouserpriv" in restrict): |
923 |
nosandbox = ("sandbox" not in features and \ |
925 |
nosandbox = ("sandbox" not in features and \ |
924 |
"usersandbox" not in features) |
926 |
"usersandbox" not in features and \ |
|
|
927 |
"macosusersandbox" not in features) |
925 |
|
928 |
|
926 |
if not portage.process.sandbox_capable: |
929 |
if not portage.process.sandbox_capable: |
927 |
nosandbox = True |
930 |
nosandbox = True |
928 |
|
931 |
|
|
|
932 |
if not portage.process.macossandbox_capable: |
933 |
nosandbox = True |
934 |
|
929 |
sesandbox = mysettings.selinux_enabled() and \ |
935 |
sesandbox = mysettings.selinux_enabled() and \ |
930 |
"sesandbox" in mysettings.features |
936 |
"sesandbox" in mysettings.features |
931 |
|
937 |
|
Lines 1205-1219
Link Here
|
1205 |
# fake ownership/permissions will have to be converted to real |
1211 |
# fake ownership/permissions will have to be converted to real |
1206 |
# permissions in the merge phase. |
1212 |
# permissions in the merge phase. |
1207 |
fakeroot = fakeroot and uid != 0 and portage.process.fakeroot_capable |
1213 |
fakeroot = fakeroot and uid != 0 and portage.process.fakeroot_capable |
|
|
1214 |
macossandbox = ("macossandbox" in features or \ |
1215 |
"macosusersandbox" in features) |
1208 |
if droppriv and not uid and portage_gid and portage_uid: |
1216 |
if droppriv and not uid and portage_gid and portage_uid: |
1209 |
keywords.update({"uid":portage_uid,"gid":portage_gid, |
1217 |
keywords.update({"uid":portage_uid,"gid":portage_gid, |
1210 |
"groups":userpriv_groups,"umask":0o02}) |
1218 |
"groups":userpriv_groups,"umask":0o02}) |
1211 |
if not free: |
1219 |
if not free: |
1212 |
free=((droppriv and "usersandbox" not in features) or \ |
1220 |
free=((droppriv and "usersandbox" not in features and |
|
|
1221 |
"macosusersandbox" not in features) or \ |
1213 |
(not droppriv and "sandbox" not in features and \ |
1222 |
(not droppriv and "sandbox" not in features and \ |
1214 |
"usersandbox" not in features and not fakeroot)) |
1223 |
"usersandbox" not in features and not fakeroot and \ |
|
|
1224 |
not macossandbox)) |
1225 |
|
1226 |
# confining the process to a prefix sandbox is disabled by default, if |
1227 |
# a normal sandbox is requested a this point, it will be used, if no |
1228 |
# sandbox is requested, a prefix sandbox will be imposed if requested |
1229 |
# by the appropriate features |
1230 |
prefixsandbox = False |
1231 |
if free: |
1232 |
prefixsandbox = "macosprefixsandbox" in features |
1233 |
free = not prefixsandbox |
1215 |
|
1234 |
|
1216 |
if not free and not (fakeroot or portage.process.sandbox_capable): |
1235 |
if not free and not (fakeroot or portage.process.sandbox_capable or \ |
|
|
1236 |
portage.process.macossandbox_capable): |
1217 |
free = True |
1237 |
free = True |
1218 |
|
1238 |
|
1219 |
if free or "SANDBOX_ACTIVE" in os.environ: |
1239 |
if free or "SANDBOX_ACTIVE" in os.environ: |
Lines 1223-1228
Link Here
|
1223 |
keywords["opt_name"] += " fakeroot" |
1243 |
keywords["opt_name"] += " fakeroot" |
1224 |
keywords["fakeroot_state"] = os.path.join(mysettings["T"], "fakeroot.state") |
1244 |
keywords["fakeroot_state"] = os.path.join(mysettings["T"], "fakeroot.state") |
1225 |
spawn_func = portage.process.spawn_fakeroot |
1245 |
spawn_func = portage.process.spawn_fakeroot |
|
|
1246 |
elif macossandbox: |
1247 |
keywords["opt_name"] += " macossandbox" |
1248 |
if prefixsandbox: |
1249 |
sbprefixpath = mysettings["EPREFIX"] |
1250 |
else: |
1251 |
sbprefixpath = mysettings["PORTAGE_BUILDDIR"] |
1252 |
|
1253 |
# escape some characters with special meaning in re's |
1254 |
sbprefixre = sbprefixpath.replace("+", "\+") |
1255 |
sbprefixre = sbprefixre.replace("*", "\*") |
1256 |
sbprefixre = sbprefixre.replace("[", "\[") |
1257 |
sbprefixre = sbprefixre.replace("[", "\[") |
1258 |
|
1259 |
sbprofile = MACOSSANDBOX_PROFILE |
1260 |
sbprofile = sbprofile.replace("@@WRITEABLE_PREFIX@@", sbprefixpath) |
1261 |
sbprofile = sbprofile.replace("@@WRITEABLE_PREFIX_RE@@", sbprefixre) |
1262 |
|
1263 |
keywords["profile"] = sbprofile |
1264 |
spawn_func = portage.process.spawn_macossandbox |
1226 |
else: |
1265 |
else: |
1227 |
keywords["opt_name"] += " sandbox" |
1266 |
keywords["opt_name"] += " sandbox" |
1228 |
spawn_func = portage.process.spawn_sandbox |
1267 |
spawn_func = portage.process.spawn_sandbox |