Lines 8-20
Link Here
|
8 |
|
8 |
|
9 |
from pkgcore.util.mappings import ProtectedDict |
9 |
from pkgcore.util.mappings import ProtectedDict |
10 |
from pkgcore.const import BASH_BINARY, SANDBOX_BINARY, FAKED_PATH, LIBFAKEROOT_PATH |
10 |
from pkgcore.const import BASH_BINARY, SANDBOX_BINARY, FAKED_PATH, LIBFAKEROOT_PATH |
11 |
|
|
|
12 |
|
11 |
|
13 |
try: |
12 |
try: |
14 |
import resource |
13 |
import resource |
15 |
max_fd_limit = resource.getrlimit(resource.RLIMIT_NOFILE)[0] |
14 |
max_fd_limit = resource.getrlimit(resource.RLIMIT_NOFILE)[0] |
16 |
except ImportError: |
15 |
except ImportError: |
17 |
max_fd_limit = 256 |
16 |
max_fd_limit = 256 |
|
|
17 |
|
18 |
if os.path.isdir("/proc/%i/fd" % os.getpid()): |
19 |
def get_open_fds(): |
20 |
return map(int, os.listdir("/proc/%i/fd" % os.getpid())) |
21 |
else: |
22 |
def get_open_fds(): |
23 |
return xrange(max_fd_limit) |
24 |
|
18 |
|
25 |
|
19 |
sandbox_capable = (os.path.isfile(SANDBOX_BINARY) and |
26 |
sandbox_capable = (os.path.isfile(SANDBOX_BINARY) and |
20 |
os.access(SANDBOX_BINARY, os.X_OK)) |
27 |
os.access(SANDBOX_BINARY, os.X_OK)) |
Lines 163-168
Link Here
|
163 |
fd_pipes[1] = pw |
170 |
fd_pipes[1] = pw |
164 |
fd_pipes[2] = pw |
171 |
fd_pipes[2] = pw |
165 |
|
172 |
|
|
|
173 |
|
166 |
pid = os.fork() |
174 |
pid = os.fork() |
167 |
|
175 |
|
168 |
if not pid: |
176 |
if not pid: |
Lines 246-252
Link Here
|
246 |
os.dup2(my_fds[fd], fd) |
254 |
os.dup2(my_fds[fd], fd) |
247 |
# Then close _all_ fds that haven't been explictly |
255 |
# Then close _all_ fds that haven't been explictly |
248 |
# requested to be kept open. |
256 |
# requested to be kept open. |
249 |
for fd in range(max_fd_limit): |
257 |
for fd in get_open_fds(): |
250 |
if fd not in my_fds: |
258 |
if fd not in my_fds: |
251 |
try: |
259 |
try: |
252 |
os.close(fd) |
260 |
os.close(fd) |