Attachment #79548 for bug #122517




					myfetch=string.replace(myfetch,"${FILE}",myfile)
					try:
						if selinux_enabled:
							con=selinux_aux.getcontext()
							con=string.replace(con,mysettings["PORTAGE_T"],mysettings["PORTAGE_FETCH_T"])
							selinux_aux.setexec(con)
							myret=spawn(myfetch,mysettings,free=1, droppriv=("userfetch" in mysettings.features))
							selinux_aux.setexec(None)
						else:
							myret=spawn(myfetch,mysettings,free=1, droppriv=("userfetch" in mysettings.features))
					finally:

	# spawn ebuild.sh
	mycommand = EBUILD_SH_BINARY + " "
	if selinux_enabled and ("sesandbox" in features) and (mydo in ["unpack","compile","test","install"]):
		con=selinux_aux.getcontext()
		con=string.replace(con,mysettings["PORTAGE_T"],mysettings["PORTAGE_SANDBOX_T"])
		selinux_aux.setexec(con)
		retval=spawn(mycommand + mydo,mysettings,debug=debug,
				free=actionmap[mydo]["args"][0],
				droppriv=actionmap[mydo]["args"][1],logfile=logfile)
		selinux_aux.setexec(None)
	else:
		retval=spawn(mycommand + mydo,mysettings, debug=debug,
				free=actionmap[mydo]["args"][0],

			if destexists and not stat.S_ISDIR(dstat[stat.ST_MODE]):
				os.unlink(dest)
			if selinux_enabled:
				sid = selinux_aux.get_lsid(src)
				selinux_aux.secure_symlink(target,dest,sid)
			else:
				os.symlink(target,dest)
			lchown(dest,sstat[stat.ST_UID],sstat[stat.ST_GID])

	if sstat[stat.ST_DEV]==dstat[stat.ST_DEV] or selinux_enabled:
		try:
			if selinux_enabled:
				ret=selinux_aux.secure_rename(src,dest)
			else:
				ret=os.rename(src,dest)
			renamefailed=0

		if stat.S_ISREG(sstat[stat.ST_MODE]):
			try: # For safety copy then move it over.
				if selinux_enabled:
					selinux_aux.secure_copy(src,dest+"#new")
					selinux_aux.secure_rename(dest+"#new",dest)
				else:
					shutil.copyfile(src,dest+"#new")
					os.rename(dest+"#new",dest)

						print "bak",mydest,mydest+".backup"
						#now create our directory
						if selinux_enabled:
							sid = selinux_aux.get_sid(mysrc)
							selinux_aux.secure_mkdir(mydest,sid)
						else:
							os.mkdir(mydest)
						if bsd_chflags:

				else:
					#destination doesn't exist
					if selinux_enabled:
						sid = selinux_aux.get_sid(mysrc)
						selinux_aux.secure_mkdir(mydest,sid)
					else:
						os.mkdir(mydest)
					os.chmod(mydest,mystat[0])


if 'selinux' in settings["USE"].split(" "):
	try:
		import selinux_aux
		if hasattr(selinux_aux, "enabled"):
			selinux_enabled = selinux_aux.enabled
		else:
			selinux_enabled = 1
	except OSError, e:

		selinux_enabled=0
	if selinux_enabled == 0:
		try:	
			del sys.modules["selinux_aux"]
		except KeyError:
			pass
else:

Return to bug 122517

Lines 1974-1984 Link Here

(-)portage.py.orig (-19 / +19 lines)
1974	myfetch=string.replace(myfetch,"${FILE}",myfile)	1974	myfetch=string.replace(myfetch,"${FILE}",myfile)
1975	try:	1975	try:
1976	if selinux_enabled:	1976	if selinux_enabled:
1977	con=selinux.getcontext()	1977	con=selinux_aux.getcontext()
1978	con=string.replace(con,mysettings["PORTAGE_T"],mysettings["PORTAGE_FETCH_T"])	1978	con=string.replace(con,mysettings["PORTAGE_T"],mysettings["PORTAGE_FETCH_T"])
1979	selinux.setexec(con)	1979	selinux_aux.setexec(con)
1980	myret=spawn(myfetch,mysettings,free=1, droppriv=("userfetch" in mysettings.features))	1980	myret=spawn(myfetch,mysettings,free=1, droppriv=("userfetch" in mysettings.features))
1981	selinux.setexec(None)	1981	selinux_aux.setexec(None)
1982	else:	1982	else:
1983	myret=spawn(myfetch,mysettings,free=1, droppriv=("userfetch" in mysettings.features))	1983	myret=spawn(myfetch,mysettings,free=1, droppriv=("userfetch" in mysettings.features))
1984	finally:	1984	finally:
Lines 2394-2406 Link Here
2394	# spawn ebuild.sh	2394	# spawn ebuild.sh
2395	mycommand = EBUILD_SH_BINARY + " "	2395	mycommand = EBUILD_SH_BINARY + " "
2396	if selinux_enabled and ("sesandbox" in features) and (mydo in ["unpack","compile","test","install"]):	2396	if selinux_enabled and ("sesandbox" in features) and (mydo in ["unpack","compile","test","install"]):
2397	con=selinux.getcontext()	2397	con=selinux_aux.getcontext()
2398	con=string.replace(con,mysettings["PORTAGE_T"],mysettings["PORTAGE_SANDBOX_T"])	2398	con=string.replace(con,mysettings["PORTAGE_T"],mysettings["PORTAGE_SANDBOX_T"])
2399	selinux.setexec(con)	2399	selinux_aux.setexec(con)
2400	retval=spawn(mycommand + mydo,mysettings,debug=debug,	2400	retval=spawn(mycommand + mydo,mysettings,debug=debug,
2401	free=actionmap[mydo]["args"][0],	2401	free=actionmap[mydo]["args"][0],
2402	droppriv=actionmap[mydo]["args"][1],logfile=logfile)	2402	droppriv=actionmap[mydo]["args"][1],logfile=logfile)
2403	selinux.setexec(None)	2403	selinux_aux.setexec(None)
2404	else:	2404	else:
2405	retval=spawn(mycommand + mydo,mysettings, debug=debug,	2405	retval=spawn(mycommand + mydo,mysettings, debug=debug,
2406	free=actionmap[mydo]["args"][0],	2406	free=actionmap[mydo]["args"][0],
Lines 2970-2977 Link Here
2970	if destexists and not stat.S_ISDIR(dstat[stat.ST_MODE]):	2970	if destexists and not stat.S_ISDIR(dstat[stat.ST_MODE]):
2971	os.unlink(dest)	2971	os.unlink(dest)
2972	if selinux_enabled:	2972	if selinux_enabled:
2973	sid = selinux.get_lsid(src)	2973	sid = selinux_aux.get_lsid(src)
2974	selinux.secure_symlink(target,dest,sid)	2974	selinux_aux.secure_symlink(target,dest,sid)
2975	else:	2975	else:
2976	os.symlink(target,dest)	2976	os.symlink(target,dest)
2977	lchown(dest,sstat[stat.ST_UID],sstat[stat.ST_GID])	2977	lchown(dest,sstat[stat.ST_UID],sstat[stat.ST_GID])
Lines 2994-3000 Link Here
2994	if sstat[stat.ST_DEV]==dstat[stat.ST_DEV] or selinux_enabled:	2994	if sstat[stat.ST_DEV]==dstat[stat.ST_DEV] or selinux_enabled:
2995	try:	2995	try:
2996	if selinux_enabled:	2996	if selinux_enabled:
2997	ret=selinux.secure_rename(src,dest)	2997	ret=selinux_aux.secure_rename(src,dest)
2998	else:	2998	else:
2999	ret=os.rename(src,dest)	2999	ret=os.rename(src,dest)
3000	renamefailed=0	3000	renamefailed=0
Lines 3013-3020 Link Here
3013	if stat.S_ISREG(sstat[stat.ST_MODE]):	3013	if stat.S_ISREG(sstat[stat.ST_MODE]):
3014	try: # For safety copy then move it over.	3014	try: # For safety copy then move it over.
3015	if selinux_enabled:	3015	if selinux_enabled:
3016	selinux.secure_copy(src,dest+"#new")	3016	selinux_aux.secure_copy(src,dest+"#new")
3017	selinux.secure_rename(dest+"#new",dest)	3017	selinux_aux.secure_rename(dest+"#new",dest)
3018	else:	3018	else:
3019	shutil.copyfile(src,dest+"#new")	3019	shutil.copyfile(src,dest+"#new")
3020	os.rename(dest+"#new",dest)	3020	os.rename(dest+"#new",dest)
Lines 6244-6251 Link Here
6244	print "bak",mydest,mydest+".backup"	6244	print "bak",mydest,mydest+".backup"
6245	#now create our directory	6245	#now create our directory
6246	if selinux_enabled:	6246	if selinux_enabled:
6247	sid = selinux.get_sid(mysrc)	6247	sid = selinux_aux.get_sid(mysrc)
6248	selinux.secure_mkdir(mydest,sid)	6248	selinux_aux.secure_mkdir(mydest,sid)
6249	else:	6249	else:
6250	os.mkdir(mydest)	6250	os.mkdir(mydest)
6251	if bsd_chflags:	6251	if bsd_chflags:
Lines 6256-6263 Link Here
6256	else:	6256	else:
6257	#destination doesn't exist	6257	#destination doesn't exist
6258	if selinux_enabled:	6258	if selinux_enabled:
6259	sid = selinux.get_sid(mysrc)	6259	sid = selinux_aux.get_sid(mysrc)
6260	selinux.secure_mkdir(mydest,sid)	6260	selinux_aux.secure_mkdir(mydest,sid)
6261	else:	6261	else:
6262	os.mkdir(mydest)	6262	os.mkdir(mydest)
6263	os.chmod(mydest,mystat[0])	6263	os.chmod(mydest,mystat[0])
Lines 6659-6667 Link Here
6659		6659
6660	if 'selinux' in settings["USE"].split(" "):	6660	if 'selinux' in settings["USE"].split(" "):
6661	try:	6661	try:
6662	import selinux	6662	import selinux_aux
6663	if hasattr(selinux, "enabled"):	6663	if hasattr(selinux_aux, "enabled"):
6664	selinux_enabled = selinux.enabled	6664	selinux_enabled = selinux_aux.enabled
6665	else:	6665	else:
6666	selinux_enabled = 1	6666	selinux_enabled = 1
6667	except OSError, e:	6667	except OSError, e:
Lines 6672-6678 Link Here
6672	selinux_enabled=0	6672	selinux_enabled=0
6673	if selinux_enabled == 0:	6673	if selinux_enabled == 0:
6674	try:	6674	try:
6675	del sys.modules["selinux"]	6675	del sys.modules["selinux_aux"]
6676	except KeyError:	6676	except KeyError:
6677	pass	6677	pass
6678	else:	6678	else: