From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Sat, 3 Sep 2011 16:20:05 +0200
Subject: [refpolicy] [PATCHv2 2/8] Allow gcc-config to execute rc
In-Reply-To: <20110903141833.GA25374@siphos.be>
References: <20110903141833.GA25374@siphos.be>
Message-ID: <20110903142005.GC25374@siphos.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

The gcc-config application uses some functions (from
/etc/init.d/functions.sh) which are simple wrappers on top of
/sbin/rc. Since this script is sourced and the functions executed
from within gcc_config_t, we allow gcc-config to execute /sbin/rc
without transitioning.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
---
 policy/modules/admin/portage.te |    4 ++++
 1 files changed, 4 insertions(+), 0 deletions(-)

diff --git a/policy/modules/admin/portage.te b/policy/modules/admin/portage.te
index 3d76444..fb51d36 100644
--- a/policy/modules/admin/portage.te
+++ b/policy/modules/admin/portage.te
@@ -120,6 +120,10 @@ userdom_use_user_terminals(gcc_config_t)
 
 consoletype_exec(gcc_config_t)
 
+ifdef(`distro_gentoo',`
+	init_rc_exec(gcc_config_t)
+')
+
 optional_policy(`
 	seutil_use_newrole_fds(gcc_config_t)
 ')
-- 
1.7.3.4