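--- a/pym/portage/package/ebuild/doebuild.py
+++ b/pym/portage/package/ebuild/doebuild.py
@@ -12,6 +12,7 @@ import io
 from itertools import chain
 import logging
 import os as _os
+import platform
 import pwd
 import re
 import signal
@@ -81,6 +82,15 @@ _unsandboxed_phases = frozenset([
 	"prerm", "setup"
 ])
 
+# phases in which networking access is allowed
+_networked_phases = frozenset([
+	# for VCS fetching
+	"unpack",
+	# for IPC
+	"setup", "pretend",
+	"preinst", "postinst", "prerm", "postrm",
+])
+
 _phase_func_map = {
 	"config": "pkg_config",
 	"setup": "pkg_setup",
@@ -110,6 +120,8 @@ def _doebuild_spawn(phase, settings, actionmap=None, **kwargs):
 
 	if phase in _unsandboxed_phases:
 		kwargs['free'] = True
+	if phase in _networked_phases:
+		kwargs['networked'] = True
 
 	if phase == 'depend':
 		kwargs['droppriv'] = 'userpriv' in settings.features
@@ -1387,7 +1399,7 @@ def _validate_deps(mysettings, myroot, mydo, mydbapi):
 
 # XXX This would be to replace getstatusoutput completely.
 # XXX Issue: cannot block execution. Deadlock condition.
-def spawn(mystring, mysettings, debug=0, free=0, droppriv=0, sesandbox=0, fakeroot=0, **keywords):
+def spawn(mystring, mysettings, debug=0, free=0, droppriv=0, sesandbox=0, fakeroot=0, networked=0, **keywords):
 	"""
 	Spawn a subprocess with extra portage-specific options.
 	Optiosn include:
@@ -1417,6 +1429,8 @@ def spawn(mystring, mysettings, debug=0, free=0, droppriv=0, sesandbox=0, fakero
 	@type sesandbox: Boolean
 	@param fakeroot: Run this command with faked root privileges
 	@type fakeroot: Boolean
+	@param networked: Run this command with networking access enabled
+	@type networked: Boolean
 	@param keywords: Extra options encoded as a dict, to be passed to spawn
 	@type keywords: Dictionary
 	@rtype: Integer
@@ -1444,6 +1458,11 @@ def spawn(mystring, mysettings, debug=0, free=0, droppriv=0, sesandbox=0, fakero
 			break
 
 	features = mysettings.features
+
+	# Unshare network namespace to keep ebuilds sanitized
+	if not networked and uid == 0 and platform.system() == 'Linux':
+		keywords['unshare_net'] = True
+
 	# TODO: Enable fakeroot to be used together with droppriv.  The
 	# fake ownership/permissions will have to be converted to real
 	# permissions in the merge phase.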
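Review bot: The new `@param networked` docstring in `spawn()` reads as if a false value always cuts the command off from the network, but the guard added before the fakeroot TODO only sets `keywords['unshare_net']` when `uid == 0` and `platform.system() == 'Linux'`, so non-root and non-Linux runs keep full network access without any message. I would say so in the docstring, e.g. `@param networked: Run this command with networking access enabled; when false, the network namespace is unshared only if running as root on Linux`. Because `networked` defaults to 0, any caller of `spawn()` that does not go through `_doebuild_spawn` is now isolated by default when root, which is worth confirming against the callers outside these hunks. `uid` is not defined in the visible lines (presumably a module-level name), and the body of `spawn()` continues outside the hunk.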
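--- a/pym/portage/process.py
+++ b/pym/portage/process.py
@@ -21,6 +21,7 @@ portage.proxy.lazyimport.lazyimport(globals(),
 
 from portage.const import BASH_BINARY, SANDBOX_BINARY, FAKEROOT_BINARY
 from portage.exception import CommandNotFound
+from portage.util._ctypes import find_library, LoadLibrary, ctypes
 
 try:
 	import resource
@@ -180,7 +181,7 @@ def cleanup():
 
 def spawn(mycommand, env={}, opt_name=None, fd_pipes=None, returnpid=False,
           uid=None, gid=None, groups=None, umask=None, logfile=None,
-          path_lookup=True, pre_exec=None, close_fds=True):
+          path_lookup=True, pre_exec=None, close_fds=True, unshare_net=False):
 	"""
 	Spawns a given command.
 	
@@ -213,7 +214,9 @@ def spawn(mycommand, env={}, opt_name=None, fd_pipes=None, returnpid=False,
 	@param close_fds: If True, then close all file descriptors except those
 		referenced by fd_pipes (default is True).
 	@type close_fds: Boolean
-	
+	@param unshare_net: If True, networking will be unshared from the spawned process
+	@type unshare_net: Boolean
+
 	logfile requires stdout and stderr to be assigned to this process (ie not pointed
 	   somewhere else.)
 	
@@ -284,7 +287,8 @@ def spawn(mycommand, env={}, opt_name=None, fd_pipes=None, returnpid=False,
 		if pid == 0:
 			try:
 				_exec(binary, mycommand, opt_name, fd_pipes,
-					env, gid, groups, uid, umask, pre_exec, close_fds)
+					env, gid, groups, uid, umask, pre_exec, close_fds,
+					unshare_net)
 			except SystemExit:
 				raise
 			except Exception as e:
@@ -354,7 +358,7 @@ def spawn(mycommand, env={}, opt_name=None, fd_pipes=None, returnpid=False,
 	return 0
 
 def _exec(binary, mycommand, opt_name, fd_pipes, env, gid, groups, uid, umask,
-	pre_exec, close_fds):
+	pre_exec, close_fds, unshare_net):
 
 	"""
 	Execute a given binary with options
@@ -379,10 +383,12 @@ def _exec(binary, mycommand, opt_name, fd_pipes, env, gid, groups, uid, umask,
 	@type umask: Integer
 	@param pre_exec: A function to be called with no arguments just prior to the exec call.
 	@type pre_exec: callable
+	@param unshare_net: If True, networking will be unshared from the spawned process
+	@type unshare_net: Boolean
 	@rtype: None
 	@return: Never returns (calls os.execve)
 	"""
-	
+
 	# If the process we're creating hasn't been given a name
 	# assign it the name of the executable.
 	if not opt_name:
@@ -415,6 +421,22 @@ def _exec(binary, mycommand, opt_name, fd_pipes, env, gid, groups, uid, umask,
 
 	_setup_pipes(fd_pipes, close_fds=close_fds)
 
+	# Unshare network (while still uid==0)
+	if unshare_net:
+		filename = find_library("c")
+		if filename is not None:
+			libc = LoadLibrary(filename)
+			if libc is not None:
+				CLONE_NEWNET = 0x40000000
+				try:
+					if libc.unshare(CLONE_NEWNET) != 0:
+						writemsg("Unable to unshare network: %s\n" % (
+							errno.errorcode.get(ctypes.get_errno(), '?')),
+							noiselevel=-1)
+				except AttributeError:
+					# unshare() not supported by libc
+					pass
+
 	# Set requested process permissions.
 	if gid:
 		# Cast proxies to int, in case it matters.
-- 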
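Review bot: The unshare block added to `_exec()` fails open: when `find_library("c")` or `LoadLibrary()` returns None, or libc has no `unshare` (the `except AttributeError: pass` branch), the child goes on to exec the command with the host network and nothing is logged, and even a non-zero return from `unshare()` only prints a message before execution continues. For a control meant to keep ebuilds off the network, every fallback should at least be visible, e.g. replace `pass` with `writemsg("Unable to unshare network: unshare() not supported by libc\n", noiselevel=-1)` and emit the same kind of message for the two `None` cases. Whether a failed unshare should abort the phase instead is a policy decision, but it deserves a comment next to the block so the best-effort behaviour is explicit. `ctypes.get_errno()` only reports the libc error if the library handle was created with errno capture enabled, which depends on `LoadLibrary` and is not visible here. `_exec()` continues outside the hunk.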
