Lines 34-40
Link Here
|
34 |
_shell_quote, _split_ebuild_name_glep55, _unicode_decode, _unicode_encode |
34 |
_shell_quote, _split_ebuild_name_glep55, _unicode_decode, _unicode_encode |
35 |
from portage.const import EBUILD_SH_ENV_FILE, EBUILD_SH_ENV_DIR, \ |
35 |
from portage.const import EBUILD_SH_ENV_FILE, EBUILD_SH_ENV_DIR, \ |
36 |
EBUILD_SH_BINARY, INVALID_ENV_FILE, MISC_SH_BINARY, \ |
36 |
EBUILD_SH_BINARY, INVALID_ENV_FILE, MISC_SH_BINARY, \ |
37 |
EPREFIX, EPREFIX_LSTRIP |
37 |
EPREFIX, EPREFIX_LSTRIP, MACOSSANDBOX_PROFILE |
38 |
from portage.data import portage_gid, portage_uid, secpass, \ |
38 |
from portage.data import portage_gid, portage_uid, secpass, \ |
39 |
uid, userpriv_groups |
39 |
uid, userpriv_groups |
40 |
from portage.dbapi.virtual import fakedbapi |
40 |
from portage.dbapi.virtual import fakedbapi |
Lines 931-947
Link Here
|
931 |
restrict = mysettings["PORTAGE_RESTRICT"].split() |
931 |
restrict = mysettings["PORTAGE_RESTRICT"].split() |
932 |
nosandbox = (("userpriv" in features) and \ |
932 |
nosandbox = (("userpriv" in features) and \ |
933 |
("usersandbox" not in features) and \ |
933 |
("usersandbox" not in features) and \ |
|
|
934 |
("macosusersandbox" not in features) and \ |
934 |
"userpriv" not in restrict and \ |
935 |
"userpriv" not in restrict and \ |
935 |
"nouserpriv" not in restrict) |
936 |
"nouserpriv" not in restrict) |
936 |
if nosandbox and ("userpriv" not in features or \ |
937 |
if nosandbox and ("userpriv" not in features or \ |
937 |
"userpriv" in restrict or \ |
938 |
"userpriv" in restrict or \ |
938 |
"nouserpriv" in restrict): |
939 |
"nouserpriv" in restrict): |
939 |
nosandbox = ("sandbox" not in features and \ |
940 |
nosandbox = ("sandbox" not in features and \ |
940 |
"usersandbox" not in features) |
941 |
"usersandbox" not in features and \ |
|
|
942 |
"macosusersandbox" not in features) |
941 |
|
943 |
|
942 |
if not portage.process.sandbox_capable: |
944 |
if not portage.process.sandbox_capable: |
943 |
nosandbox = True |
945 |
nosandbox = True |
944 |
|
946 |
|
|
|
947 |
if not portage.process.macossandbox_capable: |
948 |
nosandbox = True |
949 |
|
945 |
sesandbox = mysettings.selinux_enabled() and \ |
950 |
sesandbox = mysettings.selinux_enabled() and \ |
946 |
"sesandbox" in mysettings.features |
951 |
"sesandbox" in mysettings.features |
947 |
|
952 |
|
Lines 1221-1235
Link Here
|
1221 |
# fake ownership/permissions will have to be converted to real |
1226 |
# fake ownership/permissions will have to be converted to real |
1222 |
# permissions in the merge phase. |
1227 |
# permissions in the merge phase. |
1223 |
fakeroot = fakeroot and uid != 0 and portage.process.fakeroot_capable |
1228 |
fakeroot = fakeroot and uid != 0 and portage.process.fakeroot_capable |
|
|
1229 |
macossandbox = ("macossandbox" in features or \ |
1230 |
"macosusersandbox" in features) |
1224 |
if droppriv and not uid and portage_gid and portage_uid: |
1231 |
if droppriv and not uid and portage_gid and portage_uid: |
1225 |
keywords.update({"uid":portage_uid,"gid":portage_gid, |
1232 |
keywords.update({"uid":portage_uid,"gid":portage_gid, |
1226 |
"groups":userpriv_groups,"umask":0o02}) |
1233 |
"groups":userpriv_groups,"umask":0o02}) |
1227 |
if not free: |
1234 |
if not free: |
1228 |
free=((droppriv and "usersandbox" not in features) or \ |
1235 |
free=((droppriv and "usersandbox" not in features and |
|
|
1236 |
"macosusersandbox" not in features) or \ |
1229 |
(not droppriv and "sandbox" not in features and \ |
1237 |
(not droppriv and "sandbox" not in features and \ |
1230 |
"usersandbox" not in features and not fakeroot)) |
1238 |
"usersandbox" not in features and not fakeroot and \ |
|
|
1239 |
not macossandbox)) |
1240 |
|
1241 |
# confining the process to a prefix sandbox is disabled by default, if |
1242 |
# a normal sandbox is requested a this point, it will be used, if no |
1243 |
# sandbox is requested, a prefix sandbox will be imposed if requested |
1244 |
# by the appropriate features |
1245 |
prefixsandbox = False |
1246 |
if free: |
1247 |
prefixsandbox = "macosprefixsandbox" in features |
1248 |
free = not prefixsandbox |
1231 |
|
1249 |
|
1232 |
if not free and not (fakeroot or portage.process.sandbox_capable): |
1250 |
if not free and not (fakeroot or portage.process.sandbox_capable or \ |
|
|
1251 |
portage.process.macossandbox_capable): |
1233 |
free = True |
1252 |
free = True |
1234 |
|
1253 |
|
1235 |
if free or "SANDBOX_ACTIVE" in os.environ: |
1254 |
if free or "SANDBOX_ACTIVE" in os.environ: |
Lines 1239-1244
Link Here
|
1239 |
keywords["opt_name"] += " fakeroot" |
1258 |
keywords["opt_name"] += " fakeroot" |
1240 |
keywords["fakeroot_state"] = os.path.join(mysettings["T"], "fakeroot.state") |
1259 |
keywords["fakeroot_state"] = os.path.join(mysettings["T"], "fakeroot.state") |
1241 |
spawn_func = portage.process.spawn_fakeroot |
1260 |
spawn_func = portage.process.spawn_fakeroot |
|
|
1261 |
elif macossandbox: |
1262 |
keywords["opt_name"] += " macossandbox" |
1263 |
if prefixsandbox: |
1264 |
sbprefixpath = mysettings["EPREFIX"] |
1265 |
else: |
1266 |
sbprefixpath = mysettings["PORTAGE_BUILDDIR"] |
1267 |
|
1268 |
# escape some characters with special meaning in re's |
1269 |
sbprefixre = sbprefixpath.replace("+", "\+") |
1270 |
sbprefixre = sbprefixre.replace("*", "\*") |
1271 |
sbprefixre = sbprefixre.replace("[", "\[") |
1272 |
sbprefixre = sbprefixre.replace("[", "\[") |
1273 |
|
1274 |
sbprofile = MACOSSANDBOX_PROFILE |
1275 |
sbprofile = sbprofile.replace("@@WRITEABLE_PREFIX@@", sbprefixpath) |
1276 |
sbprofile = sbprofile.replace("@@WRITEABLE_PREFIX_RE@@", sbprefixre) |
1277 |
|
1278 |
keywords["profile"] = sbprofile |
1279 |
spawn_func = portage.process.spawn_macossandbox |
1242 |
else: |
1280 |
else: |
1243 |
keywords["opt_name"] += " sandbox" |
1281 |
keywords["opt_name"] += " sandbox" |
1244 |
spawn_func = portage.process.spawn_sandbox |
1282 |
spawn_func = portage.process.spawn_sandbox |