=== modified file 'pym/portage.py'
--- pym/portage.py
+++ pym/portage.py
@@ -1659,20 +1659,22 @@
 free=((droppriv and "usersandbox" not in features) or \
 (not droppriv and "sandbox" not in features and "usersandbox" not in features))
+ if free:
+ keywords["opt_name"] += " bash"
+ else:
+ keywords["opt_name"] += " sandbox"
+
 if sesandbox:
 con = selinux.getcontext()
 con = string.replace(con, mysettings["PORTAGE_T"], mysettings["PORTAGE_SANDBOX_T"])
 selinux.setexec(con)
- if not free:
- keywords["opt_name"] += " sandbox"
- return portage_exec.spawn_sandbox(mystring,env=env,**keywords)
- else:
- keywords["opt_name"] += " bash"
- return portage_exec.spawn_bash(mystring,env=env,**keywords)
-
+ retval = portage_exec.spawn_bash(mystring, env=env, **keywords)
+
 if sesandbox:
 selinux.setexec(None)
+
+ return retval
 def fetch(myuris, mysettings, listonly=0, fetchonly=0, locks_in_subdir=".locks",use_locks=1, try_mirrors=1):
 "fetch files. Will use digest file if available."
@@ -1955,9 +1957,14 @@
 myfetch=string.replace(locfetch,"${URI}",loc)
 myfetch=string.replace(myfetch,"${FILE}",myfile)
 try:
- myret = spawn(myfetch, mysettings, free=1,
- droppriv=("userfetch" in mysettings.features),
- sesandbox=selinux_enabled)
+ if selinux_enabled:
+ con = selinux.getcontext()
+ con = string.replace(con, mysettings["PORTAGE_T"], mysettings["PORTAGE_FETCH_T"])
+ selinux.setexec(con)
+ myret = spawn(myfetch, mysettings, free=1, droppriv=("userfetch" in mysettings.features))
+ selinux.setexec(None)
+ else:
+ myret = spawn(myfetch, mysettings, free=1, droppriv=("userfetch" in mysettings.features))
 finally:
 #if root, -always- set the perms.
 if os.path.exists(mysettings["DISTDIR"]+"/"+myfile) and (fetched != 1 or os.getuid() == 0) \
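Review bot: The rewritten tail of spawn() calls `portage_exec.spawn_bash` unconditionally, so when `free` is false the command is still labelled " sandbox" in `opt_name` but no longer goes through `portage_exec.spawn_sandbox` as the removed branch did. Unless sandboxing is applied somewhere outside this hunk, non-free spawns silently lose the sandbox. I would pick the callable in the new `if free:`/`else:` block, `spawn_func = portage_exec.spawn_bash` and `spawn_func = portage_exec.spawn_sandbox`, and then call `retval = spawn_func(mystring, env=env, **keywords)`. The start of spawn() is outside the hunk.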
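Review bot: `selinux.setexec(None)` in the added `if selinux_enabled:` branch runs only when spawn() returns normally, so an exception leaves the PORTAGE_FETCH_T exec context set for whatever this process executes next. The surrounding `try:` already has a `finally:`; set the context before a single `spawn(...)` call and reset it there with `if selinux_enabled: selinux.setexec(None)`, which also removes the duplicated spawn line in the `else:` branch. The same unguarded reset follows `retval = portage_exec.spawn_bash(...)` in the first hunk. The enclosing function and the rest of the `finally:` body are outside the hunk.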