[gentoo-portage-dev] [PATCH] _post_phase_userpriv_perms: handle $HOME (bug 713100)

2020-03-22 Thread Zac Medico
Ensure that the userpriv UID has appropriate permission for files
created in $HOME during privileged phases like pkg_setup, in the
same way as for $T. This prevents potential permission issues for
programs invoked during unprivileged phases, and it improves
alignment with PMS which specifies identical behavior for both
$HOME and $T.

Bug: https://bugs.gentoo.org/713100
Signed-off-by: Zac Medico 
---
 lib/portage/package/ebuild/doebuild.py | 7 ---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/lib/portage/package/ebuild/doebuild.py 
b/lib/portage/package/ebuild/doebuild.py
index 75fcb8a51..2bff94cb1 100644
--- a/lib/portage/package/ebuild/doebuild.py
+++ b/lib/portage/package/ebuild/doebuild.py
@@ -1765,9 +1765,10 @@ def _post_phase_userpriv_perms(mysettings):
if "userpriv" in mysettings.features and secpass >= 2:
""" Privileged phases may have left files that need to be made
writable to a less privileged user."""
-   apply_recursive_permissions(mysettings["T"],
-   uid=portage_uid, gid=portage_gid, dirmode=0o700, 
dirmask=0,
-   filemode=0o600, filemask=0)
+   for path in (mysettings["HOME"], mysettings["T"]):
+   apply_recursive_permissions(path,
+   uid=portage_uid, gid=portage_gid, 
dirmode=0o700, dirmask=0,
+   filemode=0o600, filemask=0)
 
 
 def _check_build_log(mysettings, out=None):
-- 
2.24.1




[gentoo-portage-dev] [PATCH] _post_phase_userpriv_perms: handle $HOME (bug 713100)

2020-03-21 Thread Zac Medico
Ensure that the userpriv UID has appropriate permission for files
created in $HOME during privileged phases like pkg_setup, in the
same way as for $T. This prevents potential permission issues for
programs invoked during unprivileged phases, and it improves
alignment with PMS which specifies identical behavior for both
$HOME and $T.

Bug: https://bugs.gentoo.org/713100
Signed-off-by: Zac Medico 
---
 lib/portage/package/ebuild/doebuild.py | 7 ---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/lib/portage/package/ebuild/doebuild.py 
b/lib/portage/package/ebuild/doebuild.py
index 75fcb8a51..2bff94cb1 100644
--- a/lib/portage/package/ebuild/doebuild.py
+++ b/lib/portage/package/ebuild/doebuild.py
@@ -1765,9 +1765,10 @@ def _post_phase_userpriv_perms(mysettings):
if "userpriv" in mysettings.features and secpass >= 2:
""" Privileged phases may have left files that need to be made
writable to a less privileged user."""
-   apply_recursive_permissions(mysettings["T"],
-   uid=portage_uid, gid=portage_gid, dirmode=0o700, 
dirmask=0,
-   filemode=0o600, filemask=0)
+   for path in (mysettings["HOME"], mysettings["T"]):
+   apply_recursive_permissions(path,
+   uid=portage_uid, gid=portage_gid, 
dirmode=0o700, dirmask=0,
+   filemode=0o600, filemask=0)
 
 
 def _check_build_log(mysettings, out=None):
-- 
2.24.1