authorAvatar Ali Polatel <polatel@gmail.com> 2009-08-27 14:48:29 +0300
committerAvatar Ciaran McCreesh <ciaran.mccreesh@googlemail.com> 2009-08-27 14:10:12 +0100
commit5d897f718d69b9d9ca9fd9ae5c655b16339d4ec4 (patch)
tree176be6b34a51c9f070c94faac638f1b4ba490e08
parent33b601103aa5a842db15342a9e364c6409287c75 (diff)
Update sydbox usage
Signed-off-by: Ali Polatel <polatel@gmail.com>
-rwxr-xr-xpaludis/repositories/e/ebuild/ebuild.bash12
-rw-r--r--paludis/util/system.cc2
2 files changed, 10 insertions, 4 deletions
diff --git a/paludis/repositories/e/ebuild/ebuild.bash b/paludis/repositories/e/ebuild/ebuild.bash
index c147612..47ae43b 100755
--- a/paludis/repositories/e/ebuild/ebuild.bash
+++ b/paludis/repositories/e/ebuild/ebuild.bash
@@ -554,7 +554,7 @@ ebuild_main()
if [[ $1 == metadata ]]; then
# Ban execve() calls if we're running under sydbox
if sydboxcheck 2>/dev/null; then
- sydboxcmd sandbox_exec || ebuild_notice "warning" "sydboxcmd sandbox_exec returned failure"
+ sydboxcmd sandbox/exec || ebuild_notice "warning" "sydboxcmd sandbox/exec returned failure"
else
for f in cut tr date ; do
eval "${f}() { ebuild_notice qa 'global scope ${f}' ; $(type -P ${f} ) \"\$@\" ; }"
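Review bot: A failing `sydboxcmd sandbox/exec` only emits a warning, so the metadata path carries on with execve() still permitted and the ban fails open. The same `|| ebuild_notice "warning" ...` pattern guards the new `sandbox/net`, `net/local` and `net/restrict/connect` calls in the `@@ -583,13 +583,17 @@` hunk, where a failure would leave the phase running without the network restriction. If these are meant as guarantees when sydbox is present, the failure should abort the phase. Otherwise say so next to the call, e.g. `# Best effort: if this fails the ebuild is still sourced without the execve() ban`. ebuild_main starts and ends outside this hunk, so what runs between here and `ebuild_load_ebuild` is not visible.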
@@ -566,7 +566,7 @@ ebuild_main()
PATH="" ebuild_load_ebuild "${EBUILD}"
# Unban execve() calls if we're running under sydbox
if sydboxcheck 2>/dev/null; then
- sydboxcmd unsandbox_exec || ebuild_notice "warning" "sydboxcmd unsandbox_exec returned failure"
+ sydboxcmd sandunbox/exec || ebuild_notice "warning" "sydboxcmd sandunbox/exec returned failure"
fi
else
ebuild_load_em_up_dan
@@ -583,13 +583,17 @@ ebuild_main()
# Restrict network access to local if running under sydbox
if [[ $action != unpack ]]; then
if sydboxcheck 2>/dev/null; then
- sydboxcmd net/local_self || ebuild_notice "warning" "sydboxcmd net/local_self returned failure"
+ sydboxcmd sandbox/net || ebuild_notice "warning" "sydboxcmd sandbox/net returned failure"
+ sydboxcmd net/local || ebuild_notice "warning" "sydboxcmd net/local returned failure"
+ sydboxcmd net/restrict/connect || ebuild_notice "warning" "sydboxcmd net/restrict_connect return failure"
fi
fi
if ! ${PALUDIS_F_FUNCTION_PREFIX:-ebuild_f}_${action} ; then
if [[ $action != unpack ]]; then
if sydboxcheck 2>/dev/null; then
+ sydboxcmd sandunbox/net || ebuild_notice "warning" "sydboxcmd sandunbox/net returned failure"
sydboxcmd net/allow || ebuild_notice "warning" "sydboxcmd net/allow returned failure"
+ sydboxcmd net/unrestrict/connect || ebuild_notice "warning" "sydboxcmd net/unrestrict/connect returned failure"
fi
fi
perform_hook ebuild_${action}_fail
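Review bot: The warning text on the added `net/restrict/connect` line does not match the command it reports: it says `net/restrict_connect return failure`, while every other message in this hunk repeats the exact command followed by `returned failure`. Anyone grepping build logs for the command name will miss this failure. The line should read `sydboxcmd net/restrict/connect || ebuild_notice "warning" "sydboxcmd net/restrict/connect returned failure"`.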
@@ -597,7 +601,9 @@ ebuild_main()
fi
if [[ $action != unpack ]]; then
if sydboxcheck 2>/dev/null; then
+ sydboxcmd sandunbox/net || ebuild_notice "warning" "sydboxcmd sandunbox/net returned failure"
sydboxcmd net/allow || ebuild_notice "warning" "sydboxcmd net/allow returned failure"
+ sydboxcmd net/unrestrict/connect || ebuild_notice "warning" "sydboxcmd net/unrestrict/connect returned failure"
fi
fi
perform_hook ebuild_${action}_post
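Review bot: The three-command teardown here (`sandunbox/net`, `net/allow`, `net/unrestrict/connect`) is an exact copy of the one added to the failure branch in the previous hunk, and both must stay the mirror of the three-command setup. A future change to the sydbox command set that updates only one copy would leave a path where the network state is restored partially or not at all. Moving the setup and the teardown into two small shell functions in this file, each called from the relevant branches, would keep them in step. A comment above the setup such as `# Keep in sync with both teardown sequences below` is the minimum.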
diff --git a/paludis/util/system.cc b/paludis/util/system.cc
index 427019f..1d63391 100644
--- a/paludis/util/system.cc
+++ b/paludis/util/system.cc
@@ -340,7 +340,7 @@ Command::with_sydbox()
if (! getenv_with_default("PALUDIS_DO_NOTHING_SANDBOXY", "").empty())
Log::get_instance()->message("util.system.nothing_sandboxy", ll_debug, lc_no_context)
<< "PALUDIS_DO_NOTHING_SANDBOXY is set, not using sydbox";
- else if (-1 != stat("/dev/sydbox", &buf))
+ else if (! getenv_with_default("SYDBOX_ACTIVE", "").empty())
Log::get_instance()->message("util.system.sandbox_in_sandbox", ll_warning, lc_no_context)
<< "Already inside sydbox, not spawning another sydbox instance";
else
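Review bot: The "already inside sydbox" test now trusts the `SYDBOX_ACTIVE` environment variable, which any parent process or inherited shell environment can set, whereas the removed line probed `/dev/sydbox` through `stat()`. If the variable is set outside a real sandbox, this branch logs a warning and does not spawn sydbox, so the command presumably runs unsandboxed. A comment should record who is expected to set it, e.g. `// SYDBOX_ACTIVE is exported by sydbox to its children; a stale or forged value disables sandboxing here`. It is also worth considering whether paludis should clear the variable from its own environment at startup when it was not launched under sydbox. `buf` is declared outside this hunk and may now be unused if it existed only for the `stat()` call. Command::with_sydbox continues past the end of the hunk.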