2011-04-28 19:30:12

by sven.vermeulen

Subject: [refpolicy] [PATCH 2/4] Allow portage to set file capabilities, needed for installations like for wireshark

The installation of the wireshark package (and perhaps others) requires
portage setting file capabilities (through the setcap binary).

Signed-off-by: Sven Vermeulen <[email protected]>
---
policy/modules/admin/portage.te | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/policy/modules/admin/portage.te b/policy/modules/admin/portage.te
index 8f41c2e..d6697d3 100644
--- a/policy/modules/admin/portage.te
+++ b/policy/modules/admin/portage.te
@@ -125,7 +125,7 @@ optional_policy(`
# - setexec to run portage fetch
allow portage_t self:process { setfscreate setexec };
# - kill for mysql merging, at least
-allow portage_t self:capability { sys_nice kill };
+allow portage_t self:capability { sys_nice kill setfcap };

# user post-sync scripts
can_exec(portage_t, portage_conf_t)
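
Review bot: the added `setfcap` on the `allow portage_t self:capability` line has no accompanying comment, while the neighbouring permissions each carry a `# - ...` line giving the reason (`kill` is documented as "for mysql merging, at least"). Suggest extending that comment block with a line such as `# - setfcap for packages that set file capabilities through setcap (wireshark)`, so the justification lives in the policy source and not only in the commit message.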
--
1.7.3.4


2011-05-02 15:30:53

by cpebenito

Subject: [refpolicy] [PATCH 2/4] Allow portage to set file capabilities, needed for installations like for wireshark

On 04/28/11 15:30, Sven Vermeulen wrote:
> The installation of the wireshark package (and perhaps others) requires
> portage setting file capabilities (through the setcap binary).

Merged.

> Signed-off-by: Sven Vermeulen <[email protected]>
> ---
> policy/modules/admin/portage.te | 2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/policy/modules/admin/portage.te b/policy/modules/admin/portage.te
> index 8f41c2e..d6697d3 100644
> --- a/policy/modules/admin/portage.te
> +++ b/policy/modules/admin/portage.te
> @@ -125,7 +125,7 @@ optional_policy(`
> # - setexec to run portage fetch
> allow portage_t self:process { setfscreate setexec };
> # - kill for mysql merging, at least
> -allow portage_t self:capability { sys_nice kill };
> +allow portage_t self:capability { sys_nice kill setfcap };
>
> # user post-sync scripts
> can_exec(portage_t, portage_conf_t)
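
Review bot: on the `+allow portage_t self:capability { sys_nice kill setfcap };` line, the capability is granted to the `portage_t` domain as a whole, but the description names only the wireshark install "and perhaps others" as the need. It would help to say in the commit message which step of the installation invokes setcap, so a reader can judge whether `portage_t` is the narrowest domain that has to hold `setfcap`.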


--
Chris PeBenito
Tresys Technology, LLC
http://www.tresys.com | oss.tresys.com