From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Wed, 20 Jul 2011 19:12:06 +0200
Subject: [refpolicy] [PATCH 4/4] Support proxy server/cache servers and
 binpkg servers
In-Reply-To: <4E26F923.7060307@tresys.com>
References: <20110719211641.GA14490@siphos.be>
	<20110719213100.GE14490@siphos.be> <4E26F923.7060307@tresys.com>
Message-ID: <20110720171206.GC18951@siphos.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Wed, Jul 20, 2011 at 11:49:55AM -0400, Christopher J. PeBenito wrote:
> On 07/19/11 17:31, Sven Vermeulen wrote:
> > Portage supports the use of proxy systems (which usually run on port 8080)
> > for both the fetching of software archives as well as fetching binaries (in
> > case of PORTAGE_BINHOST support).
> >
> > Hence the introduction of the connect_http_port&  connect_http_cache_port
> > for portage_t (PORTAGE_BINHOST) and portage_fetch_t (software archives).
> >
> > In the latter case, connect_http_port is already available through
> > connect_all_reserved_ports.
> 
> I presume portage is using wget to do this?  Why can't we update portage 
> to do setexeccon, like when it is doing when downloading source files?

You mean to have Portage transition to portage_fetch_t again so that the
privileges on portage_t aren't necessary? I don't think that would be a
problem.

Wkr,
	Sven Vermeulen