From: "Zac Medico" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Zac Medico" Message-ID: <1584926104.2342e77eea8e00a572623f86d20cde2dc7098aa5.zmedico@gentoo> Subject: [gentoo-commits] proj/portage:master commit in: lib/portage/package/ebuild/ X-VCS-Repository: proj/portage X-VCS-Files: lib/portage/package/ebuild/doebuild.py X-VCS-Directories: lib/portage/package/ebuild/ X-VCS-Committer: zmedico X-VCS-Committer-Name: Zac Medico X-VCS-Revision: 2342e77eea8e00a572623f86d20cde2dc7098aa5 X-VCS-Branch: master Date: Mon, 23 Mar 2020 01:40:51 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply X-Archives-Salt: feb8ed83-8d65-4fd2-9e92-ee3832a2ee4c X-Archives-Hash: 6d1a6170632667b4aa672920864cdc9d commit: 2342e77eea8e00a572623f86d20cde2dc7098aa5 Author: Zac Medico gentoo org> AuthorDate: Sun Mar 22 01:13:22 2020 +0000 Commit: Zac Medico gentoo org> CommitDate: Mon Mar 23 01:15:04 2020 +0000 URL: https://gitweb.gentoo.org/proj/portage.git/commit/?id=2342e77e _post_phase_userpriv_perms: handle $HOME (bug 713100) Ensure that the userpriv UID has appropriate permission for files created in $HOME during privileged phases like pkg_setup, in the same way as for $T. This prevents potential permission issues for programs invoked during unprivileged phases, and it improves alignment with PMS which specifies identical behavior for both $HOME and $T. Bug: https://bugs.gentoo.org/713100 Signed-off-by: Zac Medico gentoo.org> lib/portage/package/ebuild/doebuild.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/lib/portage/package/ebuild/doebuild.py b/lib/portage/package/ebuild/doebuild.py index 75fcb8a51..2bff94cb1 100644 --- a/lib/portage/package/ebuild/doebuild.py 
+++ b/lib/portage/package/ebuild/doebuild.py @@ -1765,9 +1765,10 @@ def _post_phase_userpriv_perms(mysettings): if "userpriv" in mysettings.features and secpass >= 2: """ Privileged phases may have left files that need to be made writable to a less privileged user.""" - apply_recursive_permissions(mysettings["T"], - uid=portage_uid, gid=portage_gid, dirmode=0o700, dirmask=0, - filemode=0o600, filemask=0) + for path in (mysettings["HOME"], mysettings["T"]): + apply_recursive_permissions(path, + uid=portage_uid, gid=portage_gid, dirmode=0o700, dirmask=0, + filemode=0o600, filemask=0) def _check_build_log(mysettings, out=None):
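Review bot: The new loop in _post_phase_userpriv_perms passes mysettings["HOME"] straight into apply_recursive_permissions with uid=portage_uid and gid=portage_gid under the secpass >= 2 branch, and nothing in the hunk checks that HOME is set or that it points at a per-build directory. For T that assumption was already implicit, but HOME is a variable that is more often inherited or overridden, so a stray value here would mean a recursive ownership and mode change on a tree the build does not own. Consider skipping the entry (or failing loudly) when the path is empty or does not resolve under the build directory before the call, and note in the string literal above the loop that it now covers both $HOME and $T. Two smaller points: the result of apply_recursive_permissions is still discarded, so a partial failure on either path goes unreported, and if the two paths can ever be the same or nested, the tuple walks the same tree twice.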