The depend phase is safe to be always run as portage:portage if possible.
Index: trunk-droppriv-depend/pym/portage/__init__.py
===================================================================
--- trunk-droppriv-depend/pym/portage/__init__.py (revision 7365)
+++ trunk-droppriv-depend/pym/portage/__init__.py (working copy)
@@ -2326,7 +2326,7 @@
 # XXX This would be to replace getstatusoutput completely.
 # XXX Issue: cannot block execution. Deadlock condition.
-def spawn(mystring, mysettings, debug=0, free=0, droppriv=0, sesandbox=0, **keywords):
+def spawn(mystring, mysettings, debug=0, free=0, droppriv=0, forcedroppriv=0, sesandbox=0, **keywords):
 """
 Spawn a subprocess with extra portage-specific options.
 Optiosn include:
@@ -2352,6 +2352,8 @@
 @type free: Boolean
 @param droppriv: Drop to portage:portage when running this command
 @type droppriv: Boolean
+ @param forcedroppriv: Forcibly drop to portage:portage when running this command
+ @type forcedroppriv: Boolean
 @param sesandbox: Enable SELinux Sandboxing (toggles a context switch)
 @type sesandbox: Boolean
 @param keywords: Extra options encoded as a dict, to be passed to spawn
@@ -2444,7 +2446,7 @@
 features = mysettings.features
 restrict = mysettings.get("PORTAGE_RESTRICT","").split()
- droppriv=(droppriv and "userpriv" in features and not \
+ droppriv=(forcedroppriv or droppriv and "userpriv" in features and not \
 ("nouserpriv" in restrict or "userpriv" in restrict))
 if droppriv and not uid and portage_gid and portage_uid:
 keywords.update({"uid":portage_uid,"gid":portage_gid,
@@ -3756,7 +3758,7 @@
 pr, pw = os.pipe()
 fd_pipes = {0:0, 1:1, 2:2, 9:pw}
 mypids = spawn(EBUILD_SH_BINARY + " depend", mysettings,
- fd_pipes=fd_pipes, returnpid=True)
+ fd_pipes=fd_pipes, returnpid=True, forcedroppriv=1)
 os.close(pw) # belongs exclusively to the child process now
 maxbytes = 1024
 mybytes = []
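Review bot: Inserting `forcedroppriv=0` ahead of `sesandbox` in the spawn() signature moves `sesandbox` to a different positional slot, so a caller that passes it positionally would now set forcedroppriv instead and lose the SELinux sandbox toggle without any error. Append the new parameter after the existing ones: `def spawn(mystring, mysettings, debug=0, free=0, droppriv=0, sesandbox=0, forcedroppriv=0, **keywords):`. The two call sites changed in this patch pass it by keyword, but other callers of spawn() are outside the diff. spawn's body continues outside the hunk.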
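Review bot: The new `@param forcedroppriv` entry does not say what "forcibly" overrides, which is the security-relevant part of the flag. Going by the condition changed further down in spawn(), it bypasses both the `"userpriv" in features` check and the RESTRICT `nouserpriv`/`userpriv` check, yet still only takes effect when `not uid` holds (presumably running as root) and portage_uid/portage_gid are set. I would document that, e.g. `@param forcedroppriv: Drop to portage:portage even if "userpriv" is not in FEATURES or RESTRICT disables it; only takes effect as root with a valid portage uid/gid`.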
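Review bot: `forcedroppriv` only feeds the `droppriv` flag; the unchanged guard `if droppriv and not uid and portage_gid and portage_uid:` still skips the uid/gid switch when portage_uid or portage_gid is falsy, so a "forced" drop can silently leave the command running with the caller's privileges. For a flag named force, I would report or fail when the drop cannot be honoured rather than fall through quietly. The new expression also relies on `and` binding tighter than `or`; make the grouping explicit: `droppriv = forcedroppriv or (droppriv and "userpriv" in features and not ("nouserpriv" in restrict or "userpriv" in restrict))`. The `keywords.update(...)` call continues outside the hunk.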
@@ -3784,7 +3786,7 @@
 mysettings["dbkey"] = \
 os.path.join(mysettings.depcachedir, "aux_db_key_temp")
- return spawn(EBUILD_SH_BINARY + " depend", mysettings)
+ return spawn(EBUILD_SH_BINARY + " depend", mysettings, forcedroppriv=1)
 # Validate dependency metadata here to ensure that ebuilds with invalid
 # data are never installed (even via the ebuild command).
@@ -4025,14 +4027,14 @@
 # args are for the to spawn function
 actionmap = {
-"depend": {"cmd":ebuild_sh, "args":{"droppriv":1, "free":0, "sesandbox":0}},
-"setup": {"cmd":ebuild_sh, "args":{"droppriv":0, "free":1, "sesandbox":0}},
-"unpack": {"cmd":ebuild_sh, "args":{"droppriv":1, "free":0, "sesandbox":sesandbox}},
-"compile":{"cmd":ebuild_sh, "args":{"droppriv":1, "free":nosandbox, "sesandbox":sesandbox}},
-"test": {"cmd":ebuild_sh, "args":{"droppriv":1, "free":nosandbox, "sesandbox":sesandbox}},
-"install":{"cmd":ebuild_sh, "args":{"droppriv":0, "free":0, "sesandbox":sesandbox}},
-"rpm": {"cmd":misc_sh, "args":{"droppriv":0, "free":0, "sesandbox":0}},
-"package":{"cmd":misc_sh, "args":{"droppriv":0, "free":0, "sesandbox":0}},
+"depend": {"cmd":ebuild_sh, "args":{"droppriv":1, "forcedroppriv":1, "free":0, "sesandbox":0}},
+"setup": {"cmd":ebuild_sh, "args":{"droppriv":0, "forcedroppriv":0, "free":1, "sesandbox":0}},
+"unpack": {"cmd":ebuild_sh, "args":{"droppriv":1, "forcedroppriv":0, "free":0, "sesandbox":sesandbox}},
+"compile":{"cmd":ebuild_sh, "args":{"droppriv":1, "forcedroppriv":0, "free":nosandbox, "sesandbox":sesandbox}},
+"test": {"cmd":ebuild_sh, "args":{"droppriv":1, "forcedroppriv":0, "free":nosandbox, "sesandbox":sesandbox}},
+"install":{"cmd":ebuild_sh, "args":{"droppriv":0, "forcedroppriv":0, "free":0, "sesandbox":sesandbox}},
+"rpm": {"cmd":misc_sh, "args":{"droppriv":0, "forcedroppriv":0, "free":0, "sesandbox":0}},
+"package":{"cmd":misc_sh, "args":{"droppriv":0, "forcedroppriv":0, "free":0, "sesandbox":0}},
 }
 # merge the deps in so we have again a 'full' actionmap
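Review bot: With `forcedroppriv=1` this depend run drops to portage:portage even when userpriv is not in FEATURES, but the `dbkey` assigned just above points at `aux_db_key_temp` inside `mysettings.depcachedir`, which the child presumably writes. On installations that never enabled userpriv that directory may not be writable by the portage user or group, so a call that worked as root could start failing; the required ownership should be checked here or documented. A fixed file name in a directory writable by a less-privileged account also deserves a look at how the privileged parent later opens it, which this hunk does not show. The enclosing function starts and ends outside the hunk.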
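Review bot: Only the `"depend"` entry needs the new key, since spawn() already defaults `forcedroppriv` to 0; the seven `"forcedroppriv":0` entries change nothing, and `"droppriv":1` beside `"forcedroppriv":1` is redundant given the `or` in spawn(). If the explicit zeros are kept for symmetry, a comment above the map would tell readers why depend differs from unpack/compile/test, e.g. `# forcedroppriv: drop privileges regardless of FEATURES/RESTRICT (depend only)`. How these args reach spawn() is outside the hunk.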