Since SELinux does not allow LD_PRELOAD across domain transitions, disable the LD_PRELOAD sandbox for preinst_selinux_labels.
Bug: https://bugs.gentoo.org/655996 --- pym/_emerge/EbuildPhase.py | 37 +++++++++++++++++++++++++++++++++- pym/_emerge/MiscFunctionsProcess.py | 6 +++++- pym/portage/package/ebuild/doebuild.py | 26 +++++++++++++++++------- 3 files changed, 60 insertions(+), 9 deletions(-) diff --git a/pym/_emerge/EbuildPhase.py b/pym/_emerge/EbuildPhase.py index 890b17870..9795bec13 100644 --- a/pym/_emerge/EbuildPhase.py +++ b/pym/_emerge/EbuildPhase.py @@ -275,7 +275,7 @@ class EbuildPhase(CompositeTask): # when FEATURES=compress-build-logs is enabled. fd, logfile = tempfile.mkstemp() os.close(fd) - post_phase = MiscFunctionsProcess(background=self.background, + post_phase = _PostPhaseCommands(background=self.background, commands=post_phase_cmds, fd_pipes=self.fd_pipes, logfile=logfile, phase=self.phase, scheduler=self.scheduler, settings=settings) 
@@ -405,3 +405,38 @@ class EbuildPhase(CompositeTask): log_path = self.settings.get("PORTAGE_LOG_FILE") self.scheduler.output(msg, log_path=log_path, background=background) + + +class _PostPhaseCommands(CompositeTask): + + __slots__ = ("fd_pipes", "logfile", "phase", "settings", "commands", + "_remaining_cmds") + + def _start(self): + if isinstance(self.commands, list): + self._remaining_cmds = [({}, self.commands)] + else: + self._remaining_cmds = list(reversed(self.commands)) + + if 'selinux' not in self.settings.features: + self._remaining_cmds = [(kwargs, commands) for kwargs, commands in + self._remaining_cmds if not kwargs.get('selinux_only')] + + self._start_phase_cmds() + + def _start_phase_cmds(self, previous=None): + if previous is not None: + if not self._remaining_cmds: + self._default_final_exit(previous) + self._async_wait() + return + elif self._default_exit(previous) != os.EX_OK: + self._async_wait() + return + + kwargs, commands = self._remaining_cmds.pop() + + self._start_task(MiscFunctionsProcess(background=self.background, + commands=commands, fd_pipes=self.fd_pipes, + logfile=self.logfile, phase=self.phase, scheduler=self.scheduler, + settings=self.settings, **kwargs), self._start_phase_cmds) diff --git a/pym/_emerge/MiscFunctionsProcess.py b/pym/_emerge/MiscFunctionsProcess.py index 99cf5983f..89fd22635 100644 --- a/pym/_emerge/MiscFunctionsProcess.py +++ b/pym/_emerge/MiscFunctionsProcess.py @@ -13,7 +13,7 @@ class MiscFunctionsProcess(AbstractEbuildProcess): Spawns misc-functions.sh with an existing ebuild environment. """ - __slots__ = ('commands',) + __slots__ = ('commands', 'ld_preload_sandbox') def _start(self): settings = self.settings 
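Review bot: In `_PostPhaseCommands._start_phase_cmds`, the whole per-group dict is forwarded with `**kwargs`, so the scheduling-only key `selinux_only` reaches the `MiscFunctionsProcess` constructor. That class's `__slots__` in this patch gains only `ld_preload_sandbox`. Whether the base constructor tolerates unknown keywords is not visible here, so it would be safer to strip the key before forwarding, e.g. `kwargs = {k: v for k, v in kwargs.items() if k != 'selinux_only'}`. Separately, if the `selinux_only` filter in `_start` ever leaves `_remaining_cmds` empty, the unconditional `self._remaining_cmds.pop()` on the first call raises IndexError. The current preinst table always keeps one unflagged group, but a guard before the pop, or a comment stating that invariant, would keep a later table edit from turning into a crash.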
@@ -29,6 +29,10 @@ class MiscFunctionsProcess(AbstractEbuildProcess): AbstractEbuildProcess._start(self) def _spawn(self, args, **kwargs): + # If self.ld_preload_sandbox is None, default to free=False, + # in alignment with the spawn(free=False) default. + kwargs.setdefault('free', False if self.ld_preload_sandbox is None + else not self.ld_preload_sandbox) if self._dummy_pipe_fd is not None: self.settings["PORTAGE_PIPE_FD"] = str(self._dummy_pipe_fd) diff --git a/pym/portage/package/ebuild/doebuild.py b/pym/portage/package/ebuild/doebuild.py index 31b552ff3..499492b94 100644 --- a/pym/portage/package/ebuild/doebuild.py +++ b/pym/portage/package/ebuild/doebuild.py @@ -1722,13 +1722,25 @@ _post_phase_cmds = { "install_symlink_html_docs", "install_hooks"], - "preinst" : [ - "preinst_sfperms", - "preinst_selinux_labels", - "preinst_suid_scan", - "preinst_qa_check", - ], - + "preinst" : ( + ( + { + "ld_preload_sandbox": False, + "selinux_only": True, + }, + [ + "preinst_selinux_labels", + ], + ), + ( + {}, + [ + "preinst_sfperms", + "preinst_suid_scan", + "preinst_qa_check", + ], + ), + ), "postinst" : [ "postinst_qa_check"], } -- 2.13.6
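Review bot: The comment added above `kwargs.setdefault('free', ...)` in `_spawn` covers only the `None` case and does not say what `ld_preload_sandbox=False` does. That value becomes `free=True` for the whole misc-functions.sh invocation, so every function in that command list runs outside the sandbox, not just the one that needs the SELinux domain transition. I would add `# ld_preload_sandbox=False maps to free=True: all commands in this invocation run unsandboxed, so keep such command lists minimal.` How `spawn()` treats `free` is outside this hunk, so the wording should be checked against it; `_spawn`'s body also continues past the hunk.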
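Review bot: The new `"preinst"` entry in `_post_phase_cmds` has no comment explaining why `preinst_selinux_labels` sits alone in a group with `"ld_preload_sandbox": False`, and the regrouping also changes execution order. It used to run after `preinst_sfperms` and now runs before it. A comment on the first group, such as `# SELinux does not allow LD_PRELOAD across domain transitions, so run preinst_selinux_labels without the LD_PRELOAD sandbox; do not add unrelated functions to this group.`, would record the reason and discourage widening the unsandboxed set. If the old ordering relative to `preinst_sfperms` mattered, that should be confirmed or stated. The outer container must also stay a tuple, because the consumer treats any `list` value as the old flat form via `isinstance(self.commands, list)`. The dict itself begins outside this hunk.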