portage_t used to have all necessary permissions to run ldconfig in its
own domain, but ldconfig now needs map access to its cache, so it's
either this or allowing portage_t to map ldconfig_cache_t.
---
portage.te | 2 ++
1 file changed, 2 insertions(+)
diff --git a/portage.te b/portage.te
index 79f2e3e..98caa2f 100644
--- a/portage.te
+++ b/portage.te
@@ -194,6 +194,8 @@ auth_manage_shadow(portage_t)
# merging baselayout will need this:
init_exec(portage_t)
+libs_run_ldconfig(portage_t, portage_roles)
+
miscfiles_read_localization(portage_t)
# run setfiles -r
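Review bot: The added `libs_run_ldconfig(portage_t, portage_roles)` line after `init_exec(portage_t)` carries no comment, while the rules around it state why they exist ("# merging baselayout will need this:", "# run setfiles -r"). The rationale is only in the commit message. A one-line comment above the call, saying that ldconfig is run through this interface because it needs map access to its cache, would keep that reasoning in portage.te for the next person auditing what portage_t is allowed to do.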
--
2.14.1
On 09/12/2017 03:16 AM, Luis Ressel via refpolicy wrote:
> portage_t used to have all necessary permissions to run ldconfig in its
> own domain, but ldconfig now needs map access to its cache, so it's
> either this or allowing portage_t to map ldconfig_cache_t.
> ---
> portage.te | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/portage.te b/portage.te
> index 79f2e3e..98caa2f 100644
> --- a/portage.te
> +++ b/portage.te
> @@ -194,6 +194,8 @@ auth_manage_shadow(portage_t)
> # merging baselayout will need this:
> init_exec(portage_t)
>
> +libs_run_ldconfig(portage_t, portage_roles)
> +
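Review bot: Nothing is removed alongside the added `libs_run_ldconfig(portage_t, portage_roles)` line (the diffstat shows 2 insertions only), so the permissions that the commit message says let portage_t "run ldconfig in its own domain" stay granted next to the new call. If ldconfig is now expected to go through this interface, consider dropping those older permissions from portage_t in the same change so the domain keeps only what it still needs, or say in the commit message why they have to remain.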
Merged.
--
Chris PeBenito