[Exherbo-dev] [PATCH 2/3] ebuild.bash: Use ebox instead of sydboxcmd

Ali Polatel alip at exherbo.org
Thu Jan 20 17:42:58 GMT 2011


---
 paludis/repositories/e/ebuild/ebuild.bash |   58 +++++++++++++---------------
 1 files changed, 27 insertions(+), 31 deletions(-)

diff --git a/paludis/repositories/e/ebuild/ebuild.bash b/paludis/repositories/e/ebuild/ebuild.bash
index e2d839d..3e0f50e 100755
--- a/paludis/repositories/e/ebuild/ebuild.bash
+++ b/paludis/repositories/e/ebuild/ebuild.bash
@@ -498,7 +498,7 @@ ebuild_load_em_up_dan()
     if [[ -z ${PALUDIS_DO_NOTHING_SANDBOXY} ]] ; then
         if [[ -n ${CCACHE_DIR} ]]; then
             export SANDBOX_WRITE=${SANDBOX_WRITE}:${CCACHE_DIR}
-            sydboxcheck 2>/dev/null && addwrite "${CCACHE_DIR}"
+            ebox check 2>/dev/null && ebox allow "${CCACHE_DIR}"
         fi
     fi
 
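Review bot: The new `ebox allow "${CCACHE_DIR}"` call discards its exit status, while every other ebox call in this patch reports failure through ebuild_notice. If the allow is rejected, later ccache writes would presumably be denied by the sandbox with nothing in the log pointing at the cause. I would write it as `ebox check 2>/dev/null && { ebox allow "${CCACHE_DIR}" || ebuild_notice "warning" "ebox allow returned failure" ; }`. The same applies to `ebox allow_exec "$(type -P ${f})"` in the ebuild_main metadata hunk, where an empty `type -P` result is also passed through unchecked.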
@@ -517,12 +517,12 @@ perform_hook()
     ebuild_notice "debug" "Starting hook '${HOOK}'"
 
     local old_sandbox_on="${SANDBOX_ON}"
-    local old_sydbox_enabled
-    sydboxcmd enabled 2>/dev/null && old_sydbox_enabled=true || old_sydbox_enabled=false
+    local old_box_enabled
+    ebox enabled 2>/dev/null && old_box_enabled=true || old_box_enabled=false
     if [[ -z "${PALUDIS_DO_NOTHING_SANDBOXY}" ]]; then
         export SANDBOX_ON="0"
-        if sydboxcheck 2>/dev/null; then
-            sydboxcmd off || ebuild_notice "warning" "sydboxcmd off returned failure"
+        if ebox check 2>/dev/null; then
+            ebox disable || ebuild_notice "warning" "ebox disable returned failure"
         fi
     fi
 
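Review bot: `ebox enabled 2>/dev/null && old_box_enabled=true || old_box_enabled=false` records "was disabled" for any non-zero exit, including an error from ebox itself, and it runs before `ebox check` and regardless of PALUDIS_DO_NOTHING_SANDBOXY. The restore block later in perform_hook calls `ebox disable` when the flag is false, so a failed query would leave the sandbox off after the hook, assuming ebox does not separate "disabled" from "error" in its exit status. I would take the snapshot inside the `if ebox check 2>/dev/null` branch and keep its stderr, e.g. `ebox enabled && old_box_enabled=true || old_box_enabled=false`, so a real error is at least visible in the build log. perform_hook starts and ends outside this hunk.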
@@ -543,11 +543,11 @@ perform_hook()
 
     if [[ -z "${PALUDIS_DO_NOTHING_SANDBOXY}" ]]; then
         export SANDBOX_ON="${old_sandbox_on}"
-        if sydboxcheck 2>/dev/null; then
-            if $old_sydbox_enabled; then
-                sydboxcmd on || ebuild_notice "warning" "sydboxcmd on returned failure"
+        if ebox check 2>/dev/null; then
+            if $old_box_enabled; then
+                ebox enable || ebuild_notice "warning" "ebox enable returned failure"
             else
-                sydboxcmd off || ebuild_notice "warning" "sydboxcmd off returned failure"
+                ebox disable || ebuild_notice "warning" "ebox disable returned failure"
             fi
         fi
     fi
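Review bot: A failed `ebox enable` here only produces a warning, so whatever runs after the hook continues with the sandbox still switched off. The same warn-and-continue pattern is used for `ebox exec_lock`, `ebox enable_exec` and `ebox enable_net` in the ebuild_main hunks, all of which tighten the sandbox, whereas a failed `ebox disable` leaves it tighter than intended and a warning is enough. For the tightening calls I would stop the build, e.g. `ebox enable || die "ebox enable returned failure"`, using the die helper that ebuild_main already calls. If perform_hook can itself be reached from die, that path needs a guard against recursion; this is not visible from the hunk.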
@@ -585,9 +585,9 @@ ebuild_main()
 
     ebuild_notice "debug" "Using ebuild '${EBUILD}', EAPI before source is '${EAPI}'"
 
-    # If we're running under sydbox lock magic commands when execve() is called.
-    if sydboxcheck 2>/dev/null; then
-        sydboxcmd exec_lock || ebuild_notice "warning" "sydboxcmd exec_lock returned failure"
+    # If we're running under sandbox lock magic commands when execve() is called.
+    if ebox check 2>/dev/null; then
+        ebox exec_lock || ebuild_notice "warning" "ebox exec_lock returned failure"
     fi
 
     if [[ ${#@} -ge 2 ]] ; then
@@ -606,9 +606,9 @@ ebuild_main()
         export ${PALUDIS_EBUILD_PHASE_VAR}="${1}"
         perform_hook ebuild_${action}_pre
         if [[ $1 == metadata ]]; then
-            # Ban execve() calls if we're running under sydbox
-            if sydboxcheck 2>/dev/null; then
-                sydboxcmd sandbox/exec || ebuild_notice "warning" "sydboxcmd sandbox/exec returned failure"
+            # Ban execve() calls if we're running under sandbox
+            if ebox check 2>/dev/null; then
+                ebox enable_exec || ebuild_notice "warning" "ebox enable_exec returned failure"
             else
                 for f in cut tr date ; do
                     eval "${f}() { ebuild_notice qa 'global scope ${f}' ; $(type -P ${f} ) \"\$@\" ; }"
@@ -616,14 +616,14 @@ ebuild_main()
             fi
             for f in locked_pipe_command ; do
                 eval "${f}() { $(type -P ${f} ) \"\$@\" ; }"
-                if sydboxcheck 2>/dev/null; then
-                    sydboxcmd addexec "$(type -P ${f})"
+                if ebox check 2>/dev/null; then
+                    ebox allow_exec "$(type -P ${f})"
                 fi
             done
             PATH="" ebuild_load_ebuild "${EBUILD}"
-            # Unban execve() calls if we're running under sydbox
-            if sydboxcheck 2>/dev/null; then
-                sydboxcmd sandunbox/exec || ebuild_notice "warning" "sydboxcmd sandunbox/exec returned failure"
+            # Unban execve() calls if we're running under sandbox
+            if ebox check 2>/dev/null; then
+                ebox disable_exec || ebuild_notice "warning" "ebox disable_exec returned failure"
             fi
         else
             ebuild_load_em_up_dan
@@ -637,28 +637,24 @@ ebuild_main()
         for action in $@ ; do
             export ${PALUDIS_EBUILD_PHASE_VAR}="${action}"
             perform_hook ebuild_${action}_pre
-            # Restrict network access to local if running under sydbox
-            # We don't do sydboxcmd sand{un,}box/net here to allow the user set it in the configuration file.
+            # Restrict network access if running under sandbox
             if [[ $action != unpack ]] && [[ $action != fetch_extra ]] ; then
-                if sydboxcheck 2>/dev/null; then
-                    sydboxcmd net/local || ebuild_notice "warning" "sydboxcmd net/local returned failure"
-                    sydboxcmd net/restrict/connect || ebuild_notice "warning" "sydboxcmd net/restrict_connect return failure"
+                if ebox check 2>/dev/null; then
+                    ebox enable_net || ebuild_notice "warning" "ebox enable_net returned failure"
                 fi
             fi
             if ! ${PALUDIS_F_FUNCTION_PREFIX:-ebuild_f}_${action} ; then
                 if [[ $action != unpack ]] && [[ $action != fetch_extra ]] ; then
-                    if sydboxcheck 2>/dev/null; then
-                        sydboxcmd net/allow || ebuild_notice "warning" "sydboxcmd net/allow returned failure"
-                        sydboxcmd net/unrestrict/connect || ebuild_notice "warning" "sydboxcmd net/unrestrict/connect returned failure"
+                    if ebox check 2>/dev/null; then
+                        ebox disable_net || ebuild_notice "warning" "ebox disable_net returned failure"
                     fi
                 fi
                 perform_hook ebuild_${action}_fail
                 die "${action} failed"
             fi
             if [[ $action != unpack ]] && [[ $action != fetch_extra ]] ; then
-                if sydboxcheck 2>/dev/null; then
-                    sydboxcmd net/allow || ebuild_notice "warning" "sydboxcmd net/allow returned failure"
-                    sydboxcmd net/unrestrict/connect || ebuild_notice "warning" "sydboxcmd net/unrestrict/connect returned failure"
+                if ebox check 2>/dev/null; then
+                    ebox disable_net || ebuild_notice "warning" "ebox disable_net returned failure"
                 fi
             fi
             perform_hook ebuild_${action}_post
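Review bot: The loop turns network sandboxing on with `ebox enable_net` before each phase and unconditionally off with `ebox disable_net` afterwards, without recording the state it found. perform_hook saves `old_box_enabled` and restores it, and the comment removed here said the old commands were chosen so the user's configuration stayed in effect; if enable_net/disable_net toggle the same setting a user can configure, a configuration that had network sandboxing on would be switched off after the first phase. I would either snapshot and restore the prior state the way perform_hook does, or keep a comment stating what enable_net permits (the old text said access was restricted "to local") and why an unconditional disable is safe. The for loop continues past the end of the hunk.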
-- 
1.7.3.5



