|
Lines 3296-3327
def doebuild(myebuild, mydo, myroot, mys
Link Here
|
| 3296 |
|
3296 |
|
| 3297 |
#initial dep checks complete; time to process main commands |
3297 |
#initial dep checks complete; time to process main commands |
| 3298 |
|
3298 |
|
| 3299 |
nosandbox = (("userpriv" in features) and \ |
3299 |
userpriv_nosandbox = (("userpriv" in features) and \ |
| 3300 |
("usersandbox" not in features) and \ |
3300 |
("usersandbox" not in features) and \ |
| 3301 |
("userpriv" not in mysettings["RESTRICT"]) and \ |
3301 |
("userpriv" not in mysettings["RESTRICT"]) and \ |
| 3302 |
("nouserpriv" not in mysettings["RESTRICT"])) |
3302 |
("nouserpriv" not in mysettings["RESTRICT"])) |
| 3303 |
if nosandbox and ("userpriv" not in features or \ |
3303 |
restrict_sandbox = "sandbox" in mysettings["RESTRICT"] |
| 3304 |
"userpriv" in mysettings["RESTRICT"] or \ |
|
|
| 3305 |
"nouserpriv" in mysettings["RESTRICT"]): |
| 3306 |
nosandbox = ("sandbox" not in features and \ |
| 3307 |
"usersandbox" not in features) |
| 3308 |
|
3304 |
|
| 3309 |
sesandbox = mysettings.selinux_enabled() and \ |
3305 |
sesandbox = mysettings.selinux_enabled() and \ |
| 3310 |
"sesandbox" in mysettings.features |
3306 |
"sesandbox" in mysettings.features |
| 3311 |
ebuild_sh = EBUILD_SH_BINARY + " %s" |
3307 |
ebuild_sh = EBUILD_SH_BINARY + " %s" |
| 3312 |
misc_sh = MISC_SH_BINARY + " dyn_%s" |
3308 |
misc_sh = MISC_SH_BINARY + " dyn_%s" |
| 3313 |
|
3309 |
|
| 3314 |
# args are for the to spawn function |
3310 |
actionmap = {} |
| 3315 |
actionmap = { |
3311 |
for x in ["depend", "setup", "unpack", "compile", "test", "install", |
| 3316 |
"depend": {"cmd":ebuild_sh, "args":{"droppriv":1, "free":0, "sesandbox":0}}, |
3312 |
"rpm", "package"]: |
| 3317 |
"setup": {"cmd":ebuild_sh, "args":{"droppriv":0, "free":1, "sesandbox":0}}, |
3313 |
can_drop_privs = x in ["depend", "unpack", "compile", "test"] |
| 3318 |
"unpack": {"cmd":ebuild_sh, "args":{"droppriv":1, "free":0, "sesandbox":sesandbox}}, |
3314 |
must_disable_sandbox = x in ["setup"] |
| 3319 |
"compile":{"cmd":ebuild_sh, "args":{"droppriv":1, "free":nosandbox, "sesandbox":sesandbox}}, |
3315 |
must_enable_sandbox = x in ["depend", "rpm", "package"] |
| 3320 |
"test": {"cmd":ebuild_sh, "args":{"droppriv":1, "free":nosandbox, "sesandbox":sesandbox}}, |
3316 |
can_restrict_sandbox = x in ["unpack", "compile", "test", "install"] |
| 3321 |
"install":{"cmd":ebuild_sh, "args":{"droppriv":0, "free":0, "sesandbox":sesandbox}}, |
3317 |
can_use_sesandbox = x in ["unpack", "compile", "test", "install"] |
| 3322 |
"rpm": {"cmd":misc_sh, "args":{"droppriv":0, "free":0, "sesandbox":0}}, |
3318 |
actionmap[mydo] = { # args are for the to spawn function |
| 3323 |
"package":{"cmd":misc_sh, "args":{"droppriv":0, "free":0, "sesandbox":0}}, |
3319 |
"cmd": misc_sh if x in ["rpm", "package"] else ebuild_sh, |
| 3324 |
} |
3320 |
"args": {"droppriv": can_drop_privs, |
|
|
3321 |
"free": (((can_restrict_sandbox and restrict_sandbox) or |
| 3322 |
(can_drop_privs and userpriv_nosandbox)) and |
| 3323 |
not must_enable_sandbox) or must_disable_sandbox |
| 3324 |
"sesandbox": can_use_sesandbox and sesandbox}} |
| 3325 |
|
3325 |
|
| 3326 |
# merge the deps in so we have again a 'full' actionmap |
3326 |
# merge the deps in so we have again a 'full' actionmap |
| 3327 |
# be glad when this can die. |
3327 |
# be glad when this can die. |
