From: Zac Medico <zmedico@gentoo.org>
To: gentoo-portage-dev@lists.gentoo.org
Cc: Zac Medico <zmedico@gentoo.org>
Subject: [gentoo-portage-dev] [PATCH] pid-sandbox: whitelist selected pkg_* phases (bug 673794)
Date: Mon, 7 Jan 2019 20:53:11 -0800
Message-Id: <20190108045311.6387-1-zmedico@gentoo.org>

Whitelist the same phases that are whitelisted for FEATURES=cgroup, since pid-sandbox is less valuable and is likely to have unintended consequences during these phases.

Bug: https://bugs.gentoo.org/673794
Signed-off-by: Zac Medico <zmedico@gentoo.org>
---
 lib/_emerge/AbstractEbuildProcess.py   | 9 ++++++---
 lib/portage/package/ebuild/doebuild.py | 8 ++++++--
 2 files changed, 12 insertions(+), 5 deletions(-)

diff --git a/lib/_emerge/AbstractEbuildProcess.py b/lib/_emerge/AbstractEbuildProcess.py index bda0bd83f..ddf04e9b3 100644 --- a/lib/_emerge/AbstractEbuildProcess.py +++ b/lib/_emerge/AbstractEbuildProcess.py @@ -1,4 +1,4 @@ -# Copyright 1999-2018 Gentoo Foundation +# Copyright 1999-2019 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 import errno 
@@ -22,6 +22,10 @@ from portage.util.futures import asyncio from portage.util._pty import _create_pty_or_pipe from portage.util import apply_secpass_permissions +portage.proxy.lazyimport.lazyimport(globals(), + 'portage.package.ebuild.doebuild:_global_pid_phases', +) + class AbstractEbuildProcess(SpawnProcess): __slots__ = ('phase', 'settings',) + \ @@ -30,7 +34,6 @@ class AbstractEbuildProcess(SpawnProcess): _phases_without_builddir = ('clean', 'cleanrm', 'depend', 'help',) _phases_interactive_whitelist = ('config',) - _phases_without_cgroup = ('preinst', 'postinst', 'prerm', 'postrm', 'config') # Number of milliseconds to allow natural exit of the ebuild # process after it has called the exit command via IPC. It @@ -71,7 +74,7 @@ class AbstractEbuildProcess(SpawnProcess): # Check if the cgroup hierarchy is in place. If it's not, mount it. if (os.geteuid() == 0 and platform.system() == 'Linux' and 'cgroup' in self.settings.features - and self.phase not in self._phases_without_cgroup): + and self.phase not in _global_pid_phases): cgroup_root = '/sys/fs/cgroup' cgroup_portage = os.path.join(cgroup_root, 'portage') diff --git a/lib/portage/package/ebuild/doebuild.py b/lib/portage/package/ebuild/doebuild.py index baebb9a27..f11923595 100644 --- a/lib/portage/package/ebuild/doebuild.py +++ b/lib/portage/package/ebuild/doebuild.py @@ -1,4 +1,4 @@ -# Copyright 2010-2018 Gentoo Authors +# Copyright 2010-2019 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 from __future__ import unicode_literals @@ -110,6 +110,9 @@ _ipc_phases = frozenset([ "preinst", "postinst", "prerm", "postrm", ]) +# phases which execute in the global PID namespace +_global_pid_phases = frozenset(['preinst', 'postinst', 'prerm', 'postrm', 'config']) + # phases in which networking access is allowed _networked_phases = frozenset([ # for VCS fetching 
@@ -153,7 +156,8 @@ def _doebuild_spawn(phase, settings, actionmap=None, **kwargs): kwargs['networked'] = 'network-sandbox' not in settings.features or \ phase in _networked_phases or \ 'network-sandbox' in settings['PORTAGE_RESTRICT'].split() - kwargs['pidns'] = 'pid-sandbox' in settings.features + kwargs['pidns'] = ('pid-sandbox' in settings.features and + phase not in _global_pid_phases) if phase == 'depend': kwargs['droppriv'] = 'userpriv' in settings.features -- 2.18.1
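Review bot: In the `@@ -30,7 +34,6 @@` hunk of lib/_emerge/AbstractEbuildProcess.py, the class attribute `_phases_without_cgroup` is deleted outright, so any subclass or other module that still reads `AbstractEbuildProcess._phases_without_cgroup` will raise AttributeError, and the patch touches no other file that would show such references were checked. Please confirm with a tree-wide search that nothing else uses the old name, or leave a short comment at the old location pointing to `_global_pid_phases`.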
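Review bot: The cgroup gate in the `@@ -71,7 +74,7 @@` hunk of lib/_emerge/AbstractEbuildProcess.py now tests `self.phase not in _global_pid_phases`, so a set that is named and commented only for PID namespaces ("phases which execute in the global PID namespace") also decides whether the cgroup is set up. A later change to the pid-sandbox whitelist would then alter FEATURES=cgroup behaviour without this file being touched. Either give the shared set a name that covers both uses, or extend the comment above `_global_pid_phases` in doebuild.py to state that it governs both pid-sandbox and cgroup and why these phases are exempt (the bug URL from the commit message would fit there).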
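Review bot: Missing documentation for the user-visible change in the `@@ -153,7 +156,8 @@` hunk of lib/portage/package/ebuild/doebuild.py: with `phase not in _global_pid_phases` added to the `kwargs['pidns']` expression, FEATURES=pid-sandbox no longer takes effect for preinst, postinst, prerm, postrm and config, yet the diffstat lists only the two Python files. Anyone relying on pid-sandbox to contain processes started by an ebuild should be able to read that these phases run in the global PID namespace, so please add a sentence to the pid-sandbox entry in the FEATURES documentation. A small test asserting that `pidns` is false for each whitelisted phase and true for the others when pid-sandbox is enabled would also keep the whitelist from drifting unnoticed.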