From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Tue,  3 Jul 2012 21:18:55 +0200
Subject: [refpolicy] [PATCH 2/6] Allow gcc-config to work on NFS-mounted
	portage tree
In-Reply-To: <1341343139-5179-1-git-send-email-sven.vermeulen@siphos.be>
References: <1341343139-5179-1-git-send-email-sven.vermeulen@siphos.be>
Message-ID: <1341343139-5179-3-git-send-email-sven.vermeulen@siphos.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

When the portage tree is mounted on an NFS mount, we already introduced the
portage_use_nfs tunable to allow the portage domains to handle NFS-labeled
files.

One other domain that also needs this is the gcc_config_t domain, responsible
for listing and updating a systems' gcc. The requirement stems from gcc-config
using portageq to query for information, which requires a readable portage tree.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
---
 portage.te |    4 ++++
 1 files changed, 4 insertions(+), 0 deletions(-)

diff --git a/portage.te b/portage.te
index 2af04b9..7516f32 100644
--- a/portage.te
+++ b/portage.te
@@ -132,6 +132,10 @@ ifdef(`distro_gentoo',`
 	init_exec_rc(gcc_config_t)
 ')
 
+tunable_policy(`portage_use_nfs',`
+	fs_read_nfs_files(gcc_config_t)
+')
+
 optional_policy(`
 	seutil_use_newrole_fds(gcc_config_t)
 ')
-- 
1.7.8.6