Attachment #384478 for bug #519566




				"uid": portage_uid,
				"gid": portage_gid,
				"groups": userpriv_groups,
				"umask": 0o22
			})

			# Adjust pty ownership so that subprocesses

		""" Privileged phases may have left files that need to be made
		writable to a less privileged user."""
		apply_recursive_permissions(mysettings["T"],
			uid=portage_uid, gid=portage_gid, dirmode=0o700, dirmask=0,
			filemode=0o600, filemask=0)


def _check_build_log(mysettings, out=None):
	"""




			ensure_dirs(mydir)
			try:
				apply_secpass_permissions(mydir,
					gid=portage_gid, uid=portage_uid, mode=0o700, mask=0)
			except PortageException:
				if not os.path.isdir(mydir):
					raise
		for dir_key in ("PORTAGE_BUILDDIR", "HOME", "PKG_LOGDIR", "T"):
			ensure_dirs(mysettings[dir_key], mode=0o755)
			However, the setup phase is commonly run as a privileged user prior
			to the other phases being run by an unprivileged user.  Currently,
			we use the portage group to ensure that the unprivleged user still
			has write access to these directories in any case."""
			ensure_dirs(mysettings[dir_key], mode=0o775)
			apply_secpass_permissions(mysettings[dir_key],
				uid=portage_uid, gid=portage_gid)
	except PermissionDenied as e:
- 

Return to bug 519566

Lines 1486-1492 def spawn(mystring, mysettings, debug=False, free=False, droppriv=False, Link Here

(-)a/pym/portage/package/ebuild/doebuild.py (-3 / +4 lines)
1486	"uid": portage_uid,	1486	"uid": portage_uid,
1487	"gid": portage_gid,	1487	"gid": portage_gid,
1488	"groups": userpriv_groups,	1488	"groups": userpriv_groups,
1489	"umask": 0o02	1489	"umask": 0o22
1490	})	1490	})
1491		1491
1492	# Adjust pty ownership so that subprocesses	1492	# Adjust pty ownership so that subprocesses
Lines 1644-1651 def _post_phase_userpriv_perms(mysettings): Link Here
1644	""" Privileged phases may have left files that need to be made	1644	""" Privileged phases may have left files that need to be made
1645	writable to a less privileged user."""	1645	writable to a less privileged user."""
1646	apply_recursive_permissions(mysettings["T"],	1646	apply_recursive_permissions(mysettings["T"],
1647	uid=portage_uid, gid=portage_gid, dirmode=0o70, dirmask=0,	1647	uid=portage_uid, gid=portage_gid, dirmode=0o700, dirmask=0,
1648	filemode=0o60, filemask=0)	1648	filemode=0o600, filemask=0)
		1649
1649		1650
1650	def _check_build_log(mysettings, out=None):	1651	def _check_build_log(mysettings, out=None):
1651	"""	1652	"""

Lines 76-92 def prepare_build_dirs(myroot=None, settings=None, cleanup=False): Link Here

(-)a/pym/portage/package/ebuild/prepare_build_dirs.py (-8 / +2 lines)
76	ensure_dirs(mydir)	76	ensure_dirs(mydir)
77	try:	77	try:
78	apply_secpass_permissions(mydir,	78	apply_secpass_permissions(mydir,
79	gid=portage_gid, uid=portage_uid, mode=0o70, mask=0)	79	gid=portage_gid, uid=portage_uid, mode=0o700, mask=0)
80	except PortageException:	80	except PortageException:
81	if not os.path.isdir(mydir):	81	if not os.path.isdir(mydir):
82	raise	82	raise
83	for dir_key in ("PORTAGE_BUILDDIR", "HOME", "PKG_LOGDIR", "T"):	83	for dir_key in ("PORTAGE_BUILDDIR", "HOME", "PKG_LOGDIR", "T"):
84	"""These directories don't necessarily need to be group writable.	84	ensure_dirs(mysettings[dir_key], mode=0o755)
85	However, the setup phase is commonly run as a privileged user prior
86	to the other phases being run by an unprivileged user. Currently,
87	we use the portage group to ensure that the unprivleged user still
88	has write access to these directories in any case."""
89	ensure_dirs(mysettings[dir_key], mode=0o775)
90	apply_secpass_permissions(mysettings[dir_key],	85	apply_secpass_permissions(mysettings[dir_key],
91	uid=portage_uid, gid=portage_gid)	86	uid=portage_uid, gid=portage_gid)
92	except PermissionDenied as e:	87	except PermissionDenied as e:
93	-