diff options
| author |  Ali Polatel <alip@exherbo.org>
| 2011-01-20 19:35:45 +0200 |
|---|---|---|
| committer |  Ciaran McCreesh <ciaran.mccreesh@googlemail.com>
| 2011-01-27 16:33:59 +0000 |
| commit | 78c76b83f32c293a7a7b9633c63927944262ea2e (patch) | |
| tree | 66709e0ae7b5ece9e0cbd3e6fd629c8875c794d3 | |
| parent | 64568b71d93d781002799f988fcf0470d4302bd2 (diff) | |
| download | paludis-78c76b83f32c293a7a7b9633c63927944262ea2e.tar.gz paludis-78c76b83f32c293a7a7b9633c63927944262ea2e.tar.xz | |
ebuild.bash: Use esandbox instead of sydboxcmd
| -rwxr-xr-x | paludis/repositories/e/ebuild/ebuild.bash | 58 |
1 files changed, 27 insertions, 31 deletions
diff --git a/paludis/repositories/e/ebuild/ebuild.bash b/paludis/repositories/e/ebuild/ebuild.bash index e2d839d1d..7eb58712f 100755 --- a/paludis/repositories/e/ebuild/ebuild.bash +++ b/paludis/repositories/e/ebuild/ebuild.bash @@ -498,7 +498,7 @@ ebuild_load_em_up_dan() if [[ -z ${PALUDIS_DO_NOTHING_SANDBOXY} ]] ; then if [[ -n ${CCACHE_DIR} ]]; then export SANDBOX_WRITE=${SANDBOX_WRITE}:${CCACHE_DIR} - sydboxcheck 2>/dev/null && addwrite "${CCACHE_DIR}" + esandbox check 2>/dev/null && esandbox allow "${CCACHE_DIR}" fi fi @@ -517,12 +517,12 @@ perform_hook() ebuild_notice "debug" "Starting hook '${HOOK}'" local old_sandbox_on="${SANDBOX_ON}" - local old_sydbox_enabled - sydboxcmd enabled 2>/dev/null && old_sydbox_enabled=true || old_sydbox_enabled=false + local old_box_enabled + esandbox enabled 2>/dev/null && old_box_enabled=true || old_box_enabled=false if [[ -z "${PALUDIS_DO_NOTHING_SANDBOXY}" ]]; then export SANDBOX_ON="0" - if sydboxcheck 2>/dev/null; then - sydboxcmd off || ebuild_notice "warning" "sydboxcmd off returned failure" + if esandbox check 2>/dev/null; then + esandbox disable || ebuild_notice "warning" "esandbox disable returned failure" fi fi @@ -543,11 +543,11 @@ perform_hook() if [[ -z "${PALUDIS_DO_NOTHING_SANDBOXY}" ]]; then export SANDBOX_ON="${old_sandbox_on}" - if sydboxcheck 2>/dev/null; then - if $old_sydbox_enabled; then - sydboxcmd on || ebuild_notice "warning" "sydboxcmd on returned failure" + if esandbox check 2>/dev/null; then + if $old_box_enabled; then + esandbox enable || ebuild_notice "warning" "esandbox enable returned failure" else - sydboxcmd off || ebuild_notice "warning" "sydboxcmd off returned failure" + esandbox disable || ebuild_notice "warning" "esandbox disable returned failure" fi fi fi @@ -585,9 +585,9 @@ ebuild_main() ebuild_notice "debug" "Using ebuild '${EBUILD}', EAPI before source is '${EAPI}'" - # If we're running under sydbox lock magic commands when execve() is called. - if sydboxcheck 2>/dev/null; then - sydboxcmd exec_lock || ebuild_notice "warning" "sydboxcmd exec_lock returned failure" + # If we're running under sandbox lock magic commands when execve() is called. + if esandbox check 2>/dev/null; then + esandbox exec_lock || ebuild_notice "warning" "esandbox exec_lock returned failure" fi if [[ ${#@} -ge 2 ]] ; then @@ -606,9 +606,9 @@ ebuild_main() export ${PALUDIS_EBUILD_PHASE_VAR}="${1}" perform_hook ebuild_${action}_pre if [[ $1 == metadata ]]; then - # Ban execve() calls if we're running under sydbox - if sydboxcheck 2>/dev/null; then - sydboxcmd sandbox/exec || ebuild_notice "warning" "sydboxcmd sandbox/exec returned failure" + # Ban execve() calls if we're running under sandbox + if esandbox check 2>/dev/null; then + esandbox enable_exec || ebuild_notice "warning" "esandbox enable_exec returned failure" else for f in cut tr date ; do eval "${f}() { ebuild_notice qa 'global scope ${f}' ; $(type -P ${f} ) \"\$@\" ; }" @@ -616,14 +616,14 @@ ebuild_main() fi for f in locked_pipe_command ; do eval "${f}() { $(type -P ${f} ) \"\$@\" ; }" - if sydboxcheck 2>/dev/null; then - sydboxcmd addexec "$(type -P ${f})" + if esandbox check 2>/dev/null; then + esandbox allow_exec "$(type -P ${f})" fi done PATH="" ebuild_load_ebuild "${EBUILD}" - # Unban execve() calls if we're running under sydbox - if sydboxcheck 2>/dev/null; then - sydboxcmd sandunbox/exec || ebuild_notice "warning" "sydboxcmd sandunbox/exec returned failure" + # Unban execve() calls if we're running under sandbox + if esandbox check 2>/dev/null; then + esandbox disable_exec || ebuild_notice "warning" "esandbox disable_exec returned failure" fi else ebuild_load_em_up_dan @@ -637,28 +637,24 @@ ebuild_main() for action in $@ ; do export ${PALUDIS_EBUILD_PHASE_VAR}="${action}" perform_hook ebuild_${action}_pre - # Restrict network access to local if running under sydbox - # We don't do sydboxcmd sand{un,}box/net here to allow the user set it in the configuration file. + # Restrict network access if running under sandbox if [[ $action != unpack ]] && [[ $action != fetch_extra ]] ; then - if sydboxcheck 2>/dev/null; then - sydboxcmd net/local || ebuild_notice "warning" "sydboxcmd net/local returned failure" - sydboxcmd net/restrict/connect || ebuild_notice "warning" "sydboxcmd net/restrict_connect return failure" + if esandbox check 2>/dev/null; then + esandbox enable_net || ebuild_notice "warning" "esandbox enable_net returned failure" fi fi if ! ${PALUDIS_F_FUNCTION_PREFIX:-ebuild_f}_${action} ; then if [[ $action != unpack ]] && [[ $action != fetch_extra ]] ; then - if sydboxcheck 2>/dev/null; then - sydboxcmd net/allow || ebuild_notice "warning" "sydboxcmd net/allow returned failure" - sydboxcmd net/unrestrict/connect || ebuild_notice "warning" "sydboxcmd net/unrestrict/connect returned failure" + if esandbox check 2>/dev/null; then + esandbox disable_net || ebuild_notice "warning" "esandbox disable_net returned failure" fi fi perform_hook ebuild_${action}_fail die "${action} failed" fi if [[ $action != unpack ]] && [[ $action != fetch_extra ]] ; then - if sydboxcheck 2>/dev/null; then - sydboxcmd net/allow || ebuild_notice "warning" "sydboxcmd net/allow returned failure" - sydboxcmd net/unrestrict/connect || ebuild_notice "warning" "sydboxcmd net/unrestrict/connect returned failure" + if esandbox check 2>/dev/null; then + esandbox disable_net || ebuild_notice "warning" "esandbox disable_net returned failure" fi fi perform_hook ebuild_${action}_post |