2010-03-03 15:37:18

by corentin.labbe

Subject: [refpolicy] [PATCH 1/1] Portage_fetch_t need use of portage_devpts_


Signed-off-by: LABBE Corentin <[email protected]>
---
policy/modules/admin/portage.if | 19 +++++++++++++++++++
policy/modules/admin/portage.te | 2 ++
2 files changed, 21 insertions(+), 0 deletions(-)

diff --git a/policy/modules/admin/portage.if b/policy/modules/admin/portage.if
index 35161b2..a1b6a4b 100644
--- a/policy/modules/admin/portage.if
+++ b/policy/modules/admin/portage.if
@@ -281,3 +281,22 @@ interface(`portage_dontaudit_rw_tmp_files',`

dontaudit $1 portage_tmp_t:file rw_file_perms;
')
+
+########################################
+## <summary>
+## Write the pty of portage.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`portage_use_pty',`
+ gen_require(`
+ type portage_devpts_t;
+ ')
+
+ term_search_ptys($1)
+ allow $1 portage_devpts_t:chr_file write_chr_file_perms;
+')
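Review bot: the interface name and the rule in its body disagree. `portage_use_pty` reads as read and write access, while the allow line grants only `write_chr_file_perms` on `portage_devpts_t:chr_file` and the summary says "Write the pty of portage". Either name the interface for what it grants or widen the permission set to match the name, and keep the summary in step with whichever is chosen, so a caller can tell from the name alone how much access it hands to `$1`.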
diff --git a/policy/modules/admin/portage.te b/policy/modules/admin/portage.te
index ba1a256..fd863a7 100644
--- a/policy/modules/admin/portage.te
+++ b/policy/modules/admin/portage.te
@@ -211,6 +211,8 @@ allow portage_fetch_t self:tcp_socket create_stream_socket_perms;
allow portage_fetch_t portage_conf_t:dir list_dir_perms;
read_files_pattern(portage_fetch_t, portage_conf_t, portage_conf_t)

+portage_use_pty(portage_fetch_t)
+
manage_dirs_pattern(portage_fetch_t, portage_ebuild_t, portage_ebuild_t)
manage_files_pattern(portage_fetch_t, portage_ebuild_t, portage_ebuild_t)
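Review bot: the added `portage_use_pty(portage_fetch_t)` call goes through a new interface for access between two types of the same module, since `portage.if` and `portage.te` are both part of portage. If no other module needs this access, a direct `allow portage_fetch_t portage_devpts_t:chr_file write_chr_file_perms;` beside the other `portage_fetch_t` rules, together with `term_search_ptys(portage_fetch_t)`, grants the same thing without exposing an interface that any other domain could later be passed to. The commit message also has no body; one line on what portage_fetch_t does with the pty would let a reader judge whether write access is the right amount.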

--
1.6.4.4


2010-03-03 17:29:14

by domg472

Subject: [refpolicy] [PATCH 1/1] Portage_fetch_t need use of portage_devpts_

On Wed, Mar 03, 2010 at 04:37:18PM +0100, LABBE Corentin wrote:
>
> Signed-off-by: LABBE Corentin <[email protected]>

Come to think about it you may want to either rename the interface to portage_write_ptys,
or replace write_chr_file_perms by rw_chr_file_perms.

> ---
> policy/modules/admin/portage.if | 19 +++++++++++++++++++
> policy/modules/admin/portage.te | 2 ++
> 2 files changed, 21 insertions(+), 0 deletions(-)
>
> diff --git a/policy/modules/admin/portage.if b/policy/modules/admin/portage.if
> index 35161b2..a1b6a4b 100644
> --- a/policy/modules/admin/portage.if
> +++ b/policy/modules/admin/portage.if
> @@ -281,3 +281,22 @@ interface(`portage_dontaudit_rw_tmp_files',`
>
> dontaudit $1 portage_tmp_t:file rw_file_perms;
> ')
> +
> +########################################
> +## <summary>
> +## Write the pty of portage.
> +## </summary>
> +## <param name="domain">
> +## <summary>
> +## Domain allowed access.
> +## </summary>
> +## </param>
> +#
> +interface(`portage_use_pty',`
> + gen_require(`
> + type portage_devpts_t;
> + ')
> +
> + term_search_ptys($1)
> + allow $1 portage_devpts_t:chr_file write_chr_file_perms;
> +')
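Review bot: the allow line on `portage_devpts_t:chr_file` grants `write_chr_file_perms` only, so of the two fixes proposed for the name mismatch, renaming the interface is the narrower one. Replacing the set with `rw_chr_file_perms` would add read access to the portage pty, and nothing in the patch shows that portage_fetch_t needs to read from it. Unless a denial for read is known, keep the rule as written and change the name and summary instead.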
> diff --git a/policy/modules/admin/portage.te b/policy/modules/admin/portage.te
> index ba1a256..fd863a7 100644
> --- a/policy/modules/admin/portage.te
> +++ b/policy/modules/admin/portage.te
> @@ -211,6 +211,8 @@ allow portage_fetch_t self:tcp_socket create_stream_socket_perms;
> allow portage_fetch_t portage_conf_t:dir list_dir_perms;
> read_files_pattern(portage_fetch_t, portage_conf_t, portage_conf_t)
>
> +portage_use_pty(portage_fetch_t)
> +
> manage_dirs_pattern(portage_fetch_t, portage_ebuild_t, portage_ebuild_t)
> manage_files_pattern(portage_fetch_t, portage_ebuild_t, portage_ebuild_t)
>
> --
> 1.6.4.4
>
> _______________________________________________
> refpolicy mailing list
> refpolicy at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/refpolicy