Lines 35-41
Link Here
|
35 |
_shell_quote, _unicode_decode, _unicode_encode |
35 |
_shell_quote, _unicode_decode, _unicode_encode |
36 |
from portage.const import EBUILD_SH_ENV_FILE, EBUILD_SH_ENV_DIR, \ |
36 |
from portage.const import EBUILD_SH_ENV_FILE, EBUILD_SH_ENV_DIR, \ |
37 |
EBUILD_SH_BINARY, INVALID_ENV_FILE, MISC_SH_BINARY, \ |
37 |
EBUILD_SH_BINARY, INVALID_ENV_FILE, MISC_SH_BINARY, \ |
38 |
EPREFIX, EPREFIX_LSTRIP |
38 |
EPREFIX, EPREFIX_LSTRIP, MACOSSANDBOX_PROFILE |
39 |
from portage.data import portage_gid, portage_uid, secpass, \ |
39 |
from portage.data import portage_gid, portage_uid, secpass, \ |
40 |
uid, userpriv_groups |
40 |
uid, userpriv_groups |
41 |
from portage.dbapi.virtual import fakedbapi |
41 |
from portage.dbapi.virtual import fakedbapi |
Lines 941-957
Link Here
|
941 |
restrict = settings["PORTAGE_RESTRICT"].split() |
941 |
restrict = settings["PORTAGE_RESTRICT"].split() |
942 |
nosandbox = (("userpriv" in features) and \ |
942 |
nosandbox = (("userpriv" in features) and \ |
943 |
("usersandbox" not in features) and \ |
943 |
("usersandbox" not in features) and \ |
|
|
944 |
("macosusersandbox" not in features) and \ |
944 |
"userpriv" not in restrict and \ |
945 |
"userpriv" not in restrict and \ |
945 |
"nouserpriv" not in restrict) |
946 |
"nouserpriv" not in restrict) |
946 |
if nosandbox and ("userpriv" not in features or \ |
947 |
if nosandbox and ("userpriv" not in features or \ |
947 |
"userpriv" in restrict or \ |
948 |
"userpriv" in restrict or \ |
948 |
"nouserpriv" in restrict): |
949 |
"nouserpriv" in restrict): |
949 |
nosandbox = ("sandbox" not in features and \ |
950 |
nosandbox = ("sandbox" not in features and \ |
950 |
"usersandbox" not in features) |
951 |
"usersandbox" not in features and \ |
|
|
952 |
"macosusersandbox" not in features) |
951 |
|
953 |
|
952 |
if not portage.process.sandbox_capable: |
954 |
if not portage.process.sandbox_capable: |
953 |
nosandbox = True |
955 |
nosandbox = True |
954 |
|
956 |
|
|
|
957 |
if not portage.process.macossandbox_capable: |
958 |
nosandbox = True |
959 |
|
955 |
sesandbox = settings.selinux_enabled() and \ |
960 |
sesandbox = settings.selinux_enabled() and \ |
956 |
"sesandbox" in features |
961 |
"sesandbox" in features |
957 |
|
962 |
|
Lines 1096-1110
Link Here
|
1096 |
# fake ownership/permissions will have to be converted to real |
1101 |
# fake ownership/permissions will have to be converted to real |
1097 |
# permissions in the merge phase. |
1102 |
# permissions in the merge phase. |
1098 |
fakeroot = fakeroot and uid != 0 and portage.process.fakeroot_capable |
1103 |
fakeroot = fakeroot and uid != 0 and portage.process.fakeroot_capable |
|
|
1104 |
macossandbox = ("macossandbox" in features or \ |
1105 |
"macosusersandbox" in features) |
1099 |
if droppriv and not uid and portage_gid and portage_uid: |
1106 |
if droppriv and not uid and portage_gid and portage_uid: |
1100 |
keywords.update({"uid":portage_uid,"gid":portage_gid, |
1107 |
keywords.update({"uid":portage_uid,"gid":portage_gid, |
1101 |
"groups":userpriv_groups,"umask":0o02}) |
1108 |
"groups":userpriv_groups,"umask":0o02}) |
1102 |
if not free: |
1109 |
if not free: |
1103 |
free=((droppriv and "usersandbox" not in features) or \ |
1110 |
free=((droppriv and "usersandbox" not in features and |
|
|
1111 |
"macosusersandbox" not in features) or \ |
1104 |
(not droppriv and "sandbox" not in features and \ |
1112 |
(not droppriv and "sandbox" not in features and \ |
1105 |
"usersandbox" not in features and not fakeroot)) |
1113 |
"usersandbox" not in features and not fakeroot and \ |
|
|
1114 |
not macossandbox)) |
1115 |
|
1116 |
# confining the process to a prefix sandbox is disabled by default, if |
1117 |
# a normal sandbox is requested a this point, it will be used, if no |
1118 |
# sandbox is requested, a prefix sandbox will be imposed if requested |
1119 |
# by the appropriate features |
1120 |
prefixsandbox = False |
1121 |
if free: |
1122 |
prefixsandbox = "macosprefixsandbox" in features |
1123 |
free = not prefixsandbox |
1106 |
|
1124 |
|
1107 |
if not free and not (fakeroot or portage.process.sandbox_capable): |
1125 |
if not free and not (fakeroot or portage.process.sandbox_capable or \ |
|
|
1126 |
portage.process.macossandbox_capable): |
1108 |
free = True |
1127 |
free = True |
1109 |
|
1128 |
|
1110 |
if mysettings.mycpv is not None: |
1129 |
if mysettings.mycpv is not None: |
Lines 1120-1125
Link Here
|
1120 |
keywords["opt_name"] += " fakeroot" |
1139 |
keywords["opt_name"] += " fakeroot" |
1121 |
keywords["fakeroot_state"] = os.path.join(mysettings["T"], "fakeroot.state") |
1140 |
keywords["fakeroot_state"] = os.path.join(mysettings["T"], "fakeroot.state") |
1122 |
spawn_func = portage.process.spawn_fakeroot |
1141 |
spawn_func = portage.process.spawn_fakeroot |
|
|
1142 |
elif macossandbox: |
1143 |
keywords["opt_name"] += " macossandbox" |
1144 |
if prefixsandbox: |
1145 |
sbprefixpath = mysettings["EPREFIX"] |
1146 |
else: |
1147 |
sbprefixpath = mysettings["PORTAGE_BUILDDIR"] |
1148 |
|
1149 |
# escape some characters with special meaning in re's |
1150 |
sbprefixre = sbprefixpath.replace("+", "\+") |
1151 |
sbprefixre = sbprefixre.replace("*", "\*") |
1152 |
sbprefixre = sbprefixre.replace("[", "\[") |
1153 |
sbprefixre = sbprefixre.replace("[", "\[") |
1154 |
|
1155 |
sbprofile = MACOSSANDBOX_PROFILE |
1156 |
sbprofile = sbprofile.replace("@@WRITEABLE_PREFIX@@", sbprefixpath) |
1157 |
sbprofile = sbprofile.replace("@@WRITEABLE_PREFIX_RE@@", sbprefixre) |
1158 |
|
1159 |
keywords["profile"] = sbprofile |
1160 |
spawn_func = portage.process.spawn_macossandbox |
1123 |
else: |
1161 |
else: |
1124 |
keywords["opt_name"] += " sandbox" |
1162 |
keywords["opt_name"] += " sandbox" |
1125 |
spawn_func = portage.process.spawn_sandbox |
1163 |
spawn_func = portage.process.spawn_sandbox |