From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Tue,  3 Jul 2012 21:18:54 +0200
Subject: [refpolicy] [PATCH 1/6] Mark glsa-check as portage_exec_t
In-Reply-To: <1341343139-5179-1-git-send-email-sven.vermeulen@siphos.be>
References: <1341343139-5179-1-git-send-email-sven.vermeulen@siphos.be>
Message-ID: <1341343139-5179-2-git-send-email-sven.vermeulen@siphos.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

The glsa-check application is Gentoo's application for reporting on
security-vulnerable installed packages. It reads its input from the portage tree
and allows users to update just the affected packages.

For this it needs to run in the portage_t domain.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
---
 portage.fc |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/portage.fc b/portage.fc
index 1d5b4e5..2f6b86b 100644
--- a/portage.fc
+++ b/portage.fc
@@ -4,6 +4,7 @@
 /etc/portage/gpg(/.*)?			gen_context(system_u:object_r:portage_gpg_t,s0)
 
 /usr/bin/gcc-config		--	gen_context(system_u:object_r:gcc_config_exec_t,s0)
+/usr/bin/glsa-check		--	gen_context(system_u:object_r:portage_exec_t,s0)
 /usr/bin/layman			--	gen_context(system_u:object_r:portage_fetch_exec_t,s0)
 /usr/bin/sandbox		--	gen_context(system_u:object_r:portage_exec_t,s0)
 
-- 
1.7.8.6