From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Tue, 23 Aug 2011 15:46:06 +0200
Subject: [refpolicy] [PATCH 10/11] Allow cron to execute portage commands
In-Reply-To: <20110823133643.GA857@siphos.be>
References: <20110823133643.GA857@siphos.be>
Message-ID: <20110823134606.GK857@siphos.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Many users use portage from within cron (for instance to update the portage
tree or even automatically update their system). As such, we allow to run
portage from the system_cronjob_t domain.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
---
 policy/modules/services/cron.te |    4 ++++
 1 files changed, 4 insertions(+), 0 deletions(-)

diff --git a/policy/modules/services/cron.te b/policy/modules/services/cron.te
index f22d27c..5ba27b7 100644
--- a/policy/modules/services/cron.te
+++ b/policy/modules/services/cron.te
@@ -472,6 +472,10 @@ optional_policy(`
 ')
 
 optional_policy(`
+	portage_run(system_cronjob_t, system_r)
+')
+
+optional_policy(`
 	postfix_read_config(system_cronjob_t)
 ')	
 
-- 
1.7.3.4