authorAvatar Ali Polatel <polatel@gmail.com> 2009-08-26 16:57:30 +0300
committerAvatar Ciaran McCreesh <ciaran.mccreesh@googlemail.com> 2009-08-26 15:06:47 +0100
commita4a6300d3b2cbf9f3e853afda49ace900999757a (patch)
tree358d6f7f30436f04603068ba64bf92efa083fc2b
parent750706b13dc94fce3153093fea502141ff86be92 (diff)
downloadpaludis-a4a6300d3b2cbf9f3e853afda49ace900999757a.tar.gz
paludis-a4a6300d3b2cbf9f3e853afda49ace900999757a.tar.xz
Restrict network access to localhost for phases other than src_unpack
Signed-off-by: Ali Polatel <polatel@gmail.com>
-rwxr-xr-xpaludis/repositories/e/ebuild/ebuild.bash16
1 files changed, 16 insertions, 0 deletions
diff --git a/paludis/repositories/e/ebuild/ebuild.bash b/paludis/repositories/e/ebuild/ebuild.bash
index b552a79..0265113 100755
--- a/paludis/repositories/e/ebuild/ebuild.bash
+++ b/paludis/repositories/e/ebuild/ebuild.bash
@@ -577,10 +577,26 @@ ebuild_main()
for action in $@ ; do
export ${PALUDIS_EBUILD_PHASE_VAR}="${action}"
perform_hook ebuild_${action}_pre
+ # Restrict network access to local if running under sydbox
+ if [[ $action != unpack ]]; then
+ if sydboxcheck 2>/dev/null; then
+ sydboxcmd net/local_self || ebuild_notice "warning" "sydboxcmd net/local_self returned failure"
+ fi
+ fi
if ! ${PALUDIS_F_FUNCTION_PREFIX:-ebuild_f}_${action} ; then
+ if [[ $action != unpack ]]; then
+ if sydboxcheck 2>/dev/null; then
+ sydboxcmd net/allow || ebuild_notice "warning" "sydboxcmd net/allow returned failure"
+ fi
+ fi
perform_hook ebuild_${action}_fail
die "${action} failed"
fi
+ if [[ $action != unpack ]]; then
+ if sydboxcheck 2>/dev/null; then
+ sydboxcmd net/allow || ebuild_notice "warning" "sydboxcmd net/allow returned failure"
+ fi
+ fi
perform_hook ebuild_${action}_post
done
fi
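Review bot: The restriction added before the phase call fails open: when `sydboxcmd net/local_self` returns failure, the code only emits a warning and then runs `${PALUDIS_F_FUNCTION_PREFIX:-ebuild_f}_${action}` with whatever network access was already in effect. If the restriction is meant as a control rather than best effort, that line should abort instead, e.g. `sydboxcmd net/local_self || die "sydboxcmd net/local_self failed for ${action}"`. Both restore paths also set `net/allow` unconditionally, which presumably widens access if the sandbox was started with a stricter network mode; that is worth confirming against sydbox's behaviour. The same `[[ $action != unpack ]]` / `sydboxcheck` guard appears three times and could live in one small helper that takes the mode as its argument. ebuild_main starts and ends outside this hunk.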