From: sven.vermeulen@siphos.be (Sven Vermeulen) Date: Tue, 13 Sep 2011 20:21:08 +0200 Subject: [refpolicy] [PATCHv2 2/4] Allow puppet to call portage In-Reply-To: <20110913181932.GA29878@siphos.be> References: <20110913181932.GA29878@siphos.be> Message-ID: <20110913182108.GC29878@siphos.be> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com Puppet is a configuration management and system management tool. Part of its job is to manage the package deployments on systems. As such, it needs the privilege to call and transition to the various portage domains. Signed-off-by: Sven Vermeulen --- puppet.te | 6 ++++++ 1 files changed, 6 insertions(+), 0 deletions(-) diff --git a/puppet.te b/puppet.te index 941f6e1..022fde7 100644 --- a/puppet.te +++ b/puppet.te @@ -146,6 +146,12 @@ optional_policy(` ') optional_policy(` + portage_domtrans(puppet_t) + portage_domtrans_fetch(puppet_t) + portage_domtrans_gcc_config(puppet_t) +') + +optional_policy(` files_rw_var_files(puppet_t) rpm_domtrans(puppet_t) -- 1.7.3.4