From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Tue, 19 Jul 2011 23:28:47 +0200
Subject: [refpolicy] [PATCH 3/4] gcc-config calls /sbin/rc
In-Reply-To: <20110719211641.GA14490@siphos.be>
References: <20110719211641.GA14490@siphos.be>
Message-ID: <20110719212847.GD14490@siphos.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Since the introduction of OpenRC (init system), a few changes are made on
the general Gentoo related files and applications. gcc-config is one of
them. It calls /sbin/rc (the main "entrypoint" for all OpenRC-related
actions) which, with the current policy, wasn't allowed.

Allow gcc-config to call /sbin/rc (initrc_exec_t) without transitioning.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
---
 policy/modules/admin/portage.te |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/policy/modules/admin/portage.te b/policy/modules/admin/portage.te
index 88c6d60..e555e41 100644
--- a/policy/modules/admin/portage.te
+++ b/policy/modules/admin/portage.te
@@ -105,6 +105,8 @@ files_list_all(gcc_config_t)
 
 # seems to be ok without this
 init_dontaudit_read_script_status_files(gcc_config_t)
+# Since OpenRC, gcc-config calls rc (but transitioning isn't needed)
+init_exec_script_files(gcc_config_t)
 
 libs_read_lib_files(gcc_config_t)
 libs_domtrans_ldconfig(gcc_config_t)
-- 
1.7.3.4