Attachment #87433 for bug #122517






try:
	import portage_selinux
except OSError, e:
	writemsg("!!! SELinux not loaded: %s\n" % str(e), noiselevel=-1)
	del e
except ImportError:
	pass

		if getattr(self, "_selinux_enabled", None) is None:
			self._selinux_enabled = 0
			if "selinux" in self["USE"].split():
				if "portage_selinux" in globals():
					# is_selinux_enabled() returns -1, 0, or 1
					if portage_selinux.is_selinux_enabled() == 1:
						self._selinux_enabled = selinux.enabled
					else:
						self._selinux_enabled = 1

					self._selinux_enabled = 0
			if self._selinux_enabled == 0:
				try:	
					del sys.modules["portage_selinux"]
				except KeyError:
					pass
		return self._selinux_enabled

	if sesandbox:
		con = selinux.getcontext()
		con = string.replace(con, mysettings["PORTAGE_T"], mysettings["PORTAGE_SANDBOX_T"])
		portage_selinux.setexec(con)

	retval = spawn_func(mystring, env=env, **keywords)

	if sesandbox:
		portage_selinux.setexec(None)

	return retval


					try:

						if mysettings.selinux_enabled():
							con = portage_selinux.getcontext()
							con = string.replace(con, mysettings["PORTAGE_T"], mysettings["PORTAGE_FETCH_T"])
							portage_selinux.setexec(con)

						myret = portage_exec.spawn_bash(myfetch,
							env=mysettings.environ(), **spawn_keywords)

						if mysettings.selinux_enabled():
							portage_selinux.setexec(None)

					finally:
						#if root, -always- set the perms.

			if destexists and not stat.S_ISDIR(dstat[stat.ST_MODE]):
				os.unlink(dest)
			if selinux_enabled:
				sid = portage_selinux.get_lsid(src)
				portage_selinux.secure_symlink(target, dest, sid)
			else:
				os.symlink(target,dest)
			lchown(dest,sstat[stat.ST_UID],sstat[stat.ST_GID])

	if sstat[stat.ST_DEV]==dstat[stat.ST_DEV] or selinux_enabled:
		try:
			if selinux_enabled:
				ret = portage_selinux.secure_rename(src, dest)
			else:
				ret=os.rename(src,dest)
			renamefailed=0

		if stat.S_ISREG(sstat[stat.ST_MODE]):
			try: # For safety copy then move it over.
				if selinux_enabled:
					portage_selinux.secure_copy(src, dest+"#new")
					portage_selinux.secure_rename(dest+"#new", dest)
				else:
					shutil.copyfile(src,dest+"#new")
					os.rename(dest+"#new",dest)

						print "bak",mydest,mydest+".backup"
						#now create our directory
						if self.settings.selinux_enabled():
							sid = portage_selinux.get_sid(mysrc)
							portage_selinux.secure_mkdir(mydest, sid)
						else:
							os.mkdir(mydest)
						if bsd_chflags:

				else:
					#destination doesn't exist
					if self.settings.selinux_enabled():
						sid = portage_selinux.get_sid(mysrc)
						portage_selinux.secure_mkdir(mydest, sid)
					else:
						os.mkdir(mydest)
					os.chmod(mydest,mystat[0])

Return to bug 122517

Lines 115-123 Link Here

(-)pym/portage.py (-19 / +20 lines)
115		115
116		116
117	try:	117	try:
118	import selinux	118	import portage_selinux
119	except OSError, e:	119	except OSError, e:
120	writemsg("!!! SELinux not loaded: %s\n" % str(e))	120	writemsg("!!! SELinux not loaded: %s\n" % str(e), noiselevel=-1)
121	del e	121	del e
122	except ImportError:	122	except ImportError:
123	pass	123	pass
Lines 1791-1798 Link Here
1791	if getattr(self, "_selinux_enabled", None) is None:	1791	if getattr(self, "_selinux_enabled", None) is None:
1792	self._selinux_enabled = 0	1792	self._selinux_enabled = 0
1793	if "selinux" in self["USE"].split():	1793	if "selinux" in self["USE"].split():
1794	if "selinux" in globals():	1794	if "portage_selinux" in globals():
1795	if hasattr(selinux, "enabled"):	1795	# is_selinux_enabled() returns -1, 0, or 1
		1796	if portage_selinux.is_selinux_enabled() == 1:
1796	self._selinux_enabled = selinux.enabled	1797	self._selinux_enabled = selinux.enabled
1797	else:	1798	else:
1798	self._selinux_enabled = 1	1799	self._selinux_enabled = 1
Lines 1801-1807 Link Here
1801	self._selinux_enabled = 0	1802	self._selinux_enabled = 0
1802	if self._selinux_enabled == 0:	1803	if self._selinux_enabled == 0:
1803	try:	1804	try:
1804	del sys.modules["selinux"]	1805	del sys.modules["portage_selinux"]
1805	except KeyError:	1806	except KeyError:
1806	pass	1807	pass
1807	return self._selinux_enabled	1808	return self._selinux_enabled
Lines 1848-1859 Link Here
1848	if sesandbox:	1849	if sesandbox:
1849	con = selinux.getcontext()	1850	con = selinux.getcontext()
1850	con = string.replace(con, mysettings["PORTAGE_T"], mysettings["PORTAGE_SANDBOX_T"])	1851	con = string.replace(con, mysettings["PORTAGE_T"], mysettings["PORTAGE_SANDBOX_T"])
1851	selinux.setexec(con)	1852	portage_selinux.setexec(con)
1852		1853
1853	retval = spawn_func(mystring, env=env, **keywords)	1854	retval = spawn_func(mystring, env=env, **keywords)
1854		1855
1855	if sesandbox:	1856	if sesandbox:
1856	selinux.setexec(None)	1857	portage_selinux.setexec(None)
1857		1858
1858	return retval	1859	return retval
1859		1860
Lines 2157-2171 Link Here
2157	try:	2158	try:
2158		2159
2159	if mysettings.selinux_enabled():	2160	if mysettings.selinux_enabled():
2160	con = selinux.getcontext()	2161	con = portage_selinux.getcontext()
2161	con = string.replace(con, mysettings["PORTAGE_T"], mysettings["PORTAGE_FETCH_T"])	2162	con = string.replace(con, mysettings["PORTAGE_T"], mysettings["PORTAGE_FETCH_T"])
2162	selinux.setexec(con)	2163	portage_selinux.setexec(con)
2163		2164
2164	myret = portage_exec.spawn_bash(myfetch,	2165	myret = portage_exec.spawn_bash(myfetch,
2165	env=mysettings.environ(), **spawn_keywords)	2166	env=mysettings.environ(), **spawn_keywords)
2166		2167
2167	if mysettings.selinux_enabled():	2168	if mysettings.selinux_enabled():
2168	selinux.setexec(None)	2169	portage_selinux.setexec(None)
2169		2170
2170	finally:	2171	finally:
2171	#if root, -always- set the perms.	2172	#if root, -always- set the perms.
Lines 3009-3016 Link Here
3009	if destexists and not stat.S_ISDIR(dstat[stat.ST_MODE]):	3010	if destexists and not stat.S_ISDIR(dstat[stat.ST_MODE]):
3010	os.unlink(dest)	3011	os.unlink(dest)
3011	if selinux_enabled:	3012	if selinux_enabled:
3012	sid = selinux.get_lsid(src)	3013	sid = portage_selinux.get_lsid(src)
3013	selinux.secure_symlink(target,dest,sid)	3014	portage_selinux.secure_symlink(target, dest, sid)
3014	else:	3015	else:
3015	os.symlink(target,dest)	3016	os.symlink(target,dest)
3016	lchown(dest,sstat[stat.ST_UID],sstat[stat.ST_GID])	3017	lchown(dest,sstat[stat.ST_UID],sstat[stat.ST_GID])
Lines 3034-3040 Link Here
3034	if sstat[stat.ST_DEV]==dstat[stat.ST_DEV] or selinux_enabled:	3035	if sstat[stat.ST_DEV]==dstat[stat.ST_DEV] or selinux_enabled:
3035	try:	3036	try:
3036	if selinux_enabled:	3037	if selinux_enabled:
3037	ret=selinux.secure_rename(src,dest)	3038	ret = portage_selinux.secure_rename(src, dest)
3038	else:	3039	else:
3039	ret=os.rename(src,dest)	3040	ret=os.rename(src,dest)
3040	renamefailed=0	3041	renamefailed=0
Lines 3052-3059 Link Here
3052	if stat.S_ISREG(sstat[stat.ST_MODE]):	3053	if stat.S_ISREG(sstat[stat.ST_MODE]):
3053	try: # For safety copy then move it over.	3054	try: # For safety copy then move it over.
3054	if selinux_enabled:	3055	if selinux_enabled:
3055	selinux.secure_copy(src,dest+"#new")	3056	portage_selinux.secure_copy(src, dest+"#new")
3056	selinux.secure_rename(dest+"#new",dest)	3057	portage_selinux.secure_rename(dest+"#new", dest)
3057	else:	3058	else:
3058	shutil.copyfile(src,dest+"#new")	3059	shutil.copyfile(src,dest+"#new")
3059	os.rename(dest+"#new",dest)	3060	os.rename(dest+"#new",dest)
Lines 6369-6376 Link Here
6369	print "bak",mydest,mydest+".backup"	6370	print "bak",mydest,mydest+".backup"
6370	#now create our directory	6371	#now create our directory
6371	if self.settings.selinux_enabled():	6372	if self.settings.selinux_enabled():
6372	sid = selinux.get_sid(mysrc)	6373	sid = portage_selinux.get_sid(mysrc)
6373	selinux.secure_mkdir(mydest,sid)	6374	portage_selinux.secure_mkdir(mydest, sid)
6374	else:	6375	else:
6375	os.mkdir(mydest)	6376	os.mkdir(mydest)
6376	if bsd_chflags:	6377	if bsd_chflags:
Lines 6381-6388 Link Here
6381	else:	6382	else:
6382	#destination doesn't exist	6383	#destination doesn't exist
6383	if self.settings.selinux_enabled():	6384	if self.settings.selinux_enabled():
6384	sid = selinux.get_sid(mysrc)	6385	sid = portage_selinux.get_sid(mysrc)
6385	selinux.secure_mkdir(mydest,sid)	6386	portage_selinux.secure_mkdir(mydest, sid)
6386	else:	6387	else:
6387	os.mkdir(mydest)	6388	os.mkdir(mydest)
6388	os.chmod(mydest,mystat[0])	6389	os.chmod(mydest,mystat[0])