Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 106141 Details for
Bug 161045
[PATCH] RESTRICT=sandbox doesn't work
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
alternate-respect-restrict-sandbox.patch
alternate-respect-restrict-sandbox.patch (text/plain), 2.55 KB, created by
Ed Catmur
on 2007-01-09 03:12:25 UTC
(
hide
)
Description:
alternate-respect-restrict-sandbox.patch
Filename:
MIME Type:
Creator:
Ed Catmur
Created:
2007-01-09 03:12:25 UTC
Size:
2.55 KB
patch
obsolete
>--- pym/portage.py 2007/01/09 01:03:37 1.1 >+++ pym/portage.py 2007/01/09 03:08:38 >@@ -3296,32 +3296,32 @@ def doebuild(myebuild, mydo, myroot, mys > > #initial dep checks complete; time to process main commands > >- nosandbox = (("userpriv" in features) and \ >+ userpriv_nosandbox = (("userpriv" in features) and \ > ("usersandbox" not in features) and \ > ("userpriv" not in mysettings["RESTRICT"]) and \ > ("nouserpriv" not in mysettings["RESTRICT"])) >- if nosandbox and ("userpriv" not in features or \ >- "userpriv" in mysettings["RESTRICT"] or \ >- "nouserpriv" in mysettings["RESTRICT"]): >- nosandbox = ("sandbox" not in features and \ >- "usersandbox" not in features) >+ restrict_sandbox = "sandbox" in mysettings["RESTRICT"] > > sesandbox = mysettings.selinux_enabled() and \ > "sesandbox" in mysettings.features > ebuild_sh = EBUILD_SH_BINARY + " %s" > misc_sh = MISC_SH_BINARY + " dyn_%s" > >- # args are for the to spawn function >- actionmap = { >-"depend": {"cmd":ebuild_sh, "args":{"droppriv":1, "free":0, "sesandbox":0}}, >-"setup": {"cmd":ebuild_sh, "args":{"droppriv":0, "free":1, "sesandbox":0}}, >-"unpack": {"cmd":ebuild_sh, "args":{"droppriv":1, "free":0, "sesandbox":sesandbox}}, >-"compile":{"cmd":ebuild_sh, "args":{"droppriv":1, "free":nosandbox, "sesandbox":sesandbox}}, >-"test": {"cmd":ebuild_sh, "args":{"droppriv":1, "free":nosandbox, "sesandbox":sesandbox}}, >-"install":{"cmd":ebuild_sh, "args":{"droppriv":0, "free":0, "sesandbox":sesandbox}}, >-"rpm": {"cmd":misc_sh, "args":{"droppriv":0, "free":0, "sesandbox":0}}, >-"package":{"cmd":misc_sh, "args":{"droppriv":0, "free":0, "sesandbox":0}}, >- } >+ actionmap = {} >+ for x in ["depend", "setup", "unpack", "compile", "test", "install", >+ "rpm", "package"]: >+ can_drop_privs = x in ["depend", "unpack", "compile", "test"] >+ must_disable_sandbox = x in ["setup"] >+ must_enable_sandbox = x in ["depend", "rpm", "package"] >+ can_restrict_sandbox = x in ["unpack", "compile", "test", "install"] >+ can_use_sesandbox = x in ["unpack", "compile", "test", "install"] >+ actionmap[mydo] = { # args are for the to spawn function >+ "cmd": misc_sh if x in ["rpm", "package"] else ebuild_sh, >+ "args": {"droppriv": can_drop_privs, >+ "free": (((can_restrict_sandbox and restrict_sandbox) or >+ (can_drop_privs and userpriv_nosandbox)) and >+ not must_enable_sandbox) or must_disable_sandbox >+ "sesandbox": can_use_sesandbox and sesandbox}} > > # merge the deps in so we have again a 'full' actionmap > # be glad when this can die.
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=106141">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 161045
:
106133
|
106137
| 106141 |
106320
