diff options
| author | Michael E Brown <mebrown@michaels-house.net> | 2007-10-18 21:39:52 -0500 |
|---|---|---|
| committer | Michael E Brown <mebrown@michaels-house.net> | 2007-10-18 21:39:52 -0500 |
| commit | 9e820575ac528d562fc9bd207c8674bfed03589d (patch) | |
| tree | b8167af16e4527861c411f10bed5c2837c98940c /src/py-libs/util.py | |
| parent | a9172fdfdf9811cb84626f0a414668cc2ab03dc4 (diff) | |
| download | mock-9e820575ac528d562fc9bd207c8674bfed03589d.tar.gz mock-9e820575ac528d562fc9bd207c8674bfed03589d.tar.xz mock-9e820575ac528d562fc9bd207c8674bfed03589d.zip | |
completely drop privs (real and effective) when running RPM commands. add a bit of infrastructure to mock.util.do() to handle this. Change mock.util.do to not return output by default. No users use the output, and it can be switched on via karg.
Diffstat (limited to 'src/py-libs/util.py')
| -rw-r--r-- | src/py-libs/util.py | 33 |
1 files changed, 22 insertions, 11 deletions
diff --git a/src/py-libs/util.py b/src/py-libs/util.py index 0bca233..868fb41 100644 --- a/src/py-libs/util.py +++ b/src/py-libs/util.py @@ -142,24 +142,19 @@ def uniqReqs(*args): master.extend(l) return rpmUtils.miscutils.unique(master) -@traceLog(log) -def do_interactive(command, *args, **kargs): - # we always assume that we dont care about return code for interactive stuff - os.system(command) - # logger = # output = [1|0] +# chrootPath +# +# Warning: this is the function from hell. :( +# @traceLog(log) -def do(command, timeout=0, raiseExc=True, interactive=0, *args, **kargs): +def do(command, chrootPath=None, timeout=0, raiseExc=True, returnOutput=0, *args, **kargs): """execute given command outside of chroot""" logger = kargs.get("logger", log) logger.debug("Run cmd: %s" % command) - # need to not fork, etc or interactive command wont properly display, so catch it here. - if interactive: - return do_interactive(command, timeout=timeout, raiseExc=raiseExc, *args, **kargs) - class alarmExc(Exception): pass def alarmhandler(signum,stackframe): raise alarmExc("timeout expired") @@ -187,7 +182,7 @@ def do(command, timeout=0, raiseExc=True, interactive=0, *args, **kargs): else: logger.debug(line) - if kargs.get("output",1): + if returnOutput: output += line # close read handle, get child return status, etc @@ -225,6 +220,22 @@ def do(command, timeout=0, raiseExc=True, interactive=0, *args, **kargs): # can kill our children os.setpgrp() + uidManager = kargs.get("uidManager") + + if chrootPath is not None: + if uidManager: + logger.debug("elevate privs to run chroot") + uidManager.becomeUser(0) + os.chdir(chrootPath) + os.chroot(chrootPath) + if uidManager: + logger.debug("back to other privs") + uidManager.restorePrivs() + + if uidManager: + logger.debug("about to drop privs") + uidManager.dropPrivsForever() + child = popen2.Popen4(command) child.tochild.close() |