2012-10-02 14:37:39

by Matthew Thode

Subject: [refpolicy] [PATCH] added autofs support and nsswitch support

added nsswitch for AVC denials
added search_auto_mountpoints for autofs support
added fs_getattr_nfs(portage_t) for nfs on autofs support

thanks to grift for the help and patience :D

Signed-off-by: Matthew Thode <[email protected]>
---
portage.te | 5 +++++
1 files changed, 5 insertions(+), 0 deletions(-)

diff --git a/portage.te b/portage.te
index 630f16f..321b1ac 100644
--- a/portage.te
+++ b/portage.te
@@ -193,6 +193,8 @@ files_manage_all_files(portage_t)
selinux_get_fs_mount(portage_t)

auth_manage_shadow(portage_t)
+auth_use_nsswitch(portage_fetch_t)
+auth_use_nsswitch(portage_sandbox_t)

# merging baselayout will need this:
init_exec(portage_t)
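Review bot: The two auth_use_nsswitch() lines grant access to portage_fetch_t and portage_sandbox_t, but they are inserted directly after auth_manage_shadow(portage_t), in a run of rules that otherwise all apply to portage_t. Please move each call into the rule block of its own domain (the portage_fetch_t block is visible in the next hunk), so a reader auditing one domain sees all of its permissions in one place. The commit message says these were added "for AVC denials" without quoting them; including the denials would let reviewers confirm that both domains need the interface.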
@@ -298,6 +300,8 @@ files_read_usr_files(portage_fetch_t)
files_search_var_lib(portage_fetch_t)
files_dontaudit_search_pids(portage_fetch_t)

+fs_search_auto_mountpoints(portage_fetch_t)
+
logging_list_logs(portage_fetch_t)
logging_dontaudit_search_logs(portage_fetch_t)

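Review bot: fs_search_auto_mountpoints(portage_fetch_t) is added unconditionally here, while the NFS rules it is meant to work with in the last hunk sit inside tunable_policy(`portage_use_nfs'). Please confirm that searching automount points should be allowed even when that tunable is off, and add a one-line comment saying so. The last hunk gives portage_t NFS getattr for the same autofs setup, yet portage_t gets no matching fs_search_auto_mountpoints() call in this patch; if portage_t already has that access by another rule, it is worth stating in the commit message.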
@@ -318,6 +322,7 @@ ifdef(`hide_broken_symptoms',`
')

tunable_policy(`portage_use_nfs',`
+ fs_getattr_nfs(portage_t)
fs_getattr_nfs(portage_fetch_t)
fs_manage_nfs_dirs(portage_fetch_t)
fs_manage_nfs_files(portage_fetch_t)
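Review bot: The added fs_getattr_nfs(portage_t) is the only portage_t rule among the visible lines of this tunable block, which otherwise name portage_fetch_t. A short comment above it explaining why the main domain needs getattr on NFS (the commit message mentions "nfs on autofs") would keep the block readable, and quoting the denial in the commit message would show that getattr alone is sufficient for portage_t while portage_fetch_t needs the manage interfaces.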
--
1.7.8.6