From: domg472@gmail.com (Dominick Grift) Date: Wed, 3 Mar 2010 18:29:14 +0100 Subject: [refpolicy] [PATCH 1/1] Portage_fetch_t need use of portage_devpts_ In-Reply-To: <1267630638-19006-1-git-send-email-corentin.labbe@geomatys.fr> References: <1267630638-19006-1-git-send-email-corentin.labbe@geomatys.fr> Message-ID: <20100303172912.GB21101@localhost.localdomain> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On Wed, Mar 03, 2010 at 04:37:18PM +0100, LABBE Corentin wrote: > > Signed-off-by: LABBE Corentin Come to think about it you may want to either rename the interface to portage_write_ptys, or replace write_chr_file_perms by rw_chr_file_perms. > --- > policy/modules/admin/portage.if | 19 +++++++++++++++++++ > policy/modules/admin/portage.te | 2 ++ > 2 files changed, 21 insertions(+), 0 deletions(-) > > diff --git a/policy/modules/admin/portage.if b/policy/modules/admin/portage.if > index 35161b2..a1b6a4b 100644 > --- a/policy/modules/admin/portage.if > +++ b/policy/modules/admin/portage.if > @@ -281,3 +281,22 @@ interface(`portage_dontaudit_rw_tmp_files',` > > dontaudit $1 portage_tmp_t:file rw_file_perms; > ') > + > +######################################## > +## > +## Write the pty of portage. > +## > +## > +## > +## Domain allowed access. > +## > +## > +# > +interface(`portage_use_pty',` > + gen_require(` > + type portage_devpts_t; > + ') > + > + term_search_ptys($1) > + allow $1 portage_devpts_t:chr_file write_chr_file_perms; > +') > diff --git a/policy/modules/admin/portage.te b/policy/modules/admin/portage.te > index ba1a256..fd863a7 100644 > --- a/policy/modules/admin/portage.te > +++ b/policy/modules/admin/portage.te 
> @@ -211,6 +211,8 @@ allow portage_fetch_t self:tcp_socket create_stream_socket_perms; > allow portage_fetch_t portage_conf_t:dir list_dir_perms; > read_files_pattern(portage_fetch_t, portage_conf_t, portage_conf_t) > > +portage_use_pty(portage_fetch_t) > + > manage_dirs_pattern(portage_fetch_t, portage_ebuild_t, portage_ebuild_t) > manage_files_pattern(portage_fetch_t, portage_ebuild_t, portage_ebuild_t) > > -- > 1.6.4.4
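Review bot: in the portage.if hunk, the interface name portage_use_pty does not match what it grants. Refpolicy terminal interfaces named "use" give read and write (rw_chr_file_perms), while this one allows only write_chr_file_perms and its summary reads "Write the pty of portage". Either keep the write-only permission and name it portage_write_ptys, or keep "use" and switch to rw_chr_file_perms; the plural "ptys" would also match term_search_ptys, which is called in the same block. The commit message carries no AVC denial, so it is not possible to tell from the patch whether portage_fetch_t needs read access at all; including the denial would settle which permission set is the minimal one.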
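Review bot: in the portage.te hunk, portage_use_pty(portage_fetch_t) calls the module's own interface from inside the module. Assuming portage_devpts_t is declared in portage.te, as its gen_require in portage.if suggests, the access can be written directly at this spot as term_search_ptys(portage_fetch_t) followed by allow portage_fetch_t portage_devpts_t:chr_file write_chr_file_perms; which keeps the rule next to the other portage_fetch_t rules and avoids exporting a new interface that no other module uses in this patch. If another module is expected to need the same access, say so in the commit message so the interface has a stated caller.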