From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Tue,  3 Jul 2012 21:18:58 +0200
Subject: [refpolicy] [PATCH 5/6] Allow portage fetch domain to show download
	progress
In-Reply-To: <1341343139-5179-1-git-send-email-sven.vermeulen@siphos.be>
References: <1341343139-5179-1-git-send-email-sven.vermeulen@siphos.be>
Message-ID: <1341343139-5179-6-git-send-email-sven.vermeulen@siphos.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

When downloading software packages, the portage application is inside the
portage_fetch_t domain. At that point, Portage wants to show the fetch progress
of the software on the users' screen. For this, it needs proper access to
portage_devpts_t.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
---
 portage.te |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/portage.te b/portage.te
index 7516f32..9e9cc07 100644
--- a/portage.te
+++ b/portage.te
@@ -248,6 +248,8 @@ allow portage_fetch_t self:unix_stream_socket create_socket_perms;
 
 allow portage_fetch_t portage_conf_t:dir list_dir_perms;
 
+allow portage_fetch_t portage_devpts_t:chr_file { rw_chr_file_perms setattr };
+
 allow portage_fetch_t portage_gpg_t:dir rw_dir_perms;
 allow portage_fetch_t portage_gpg_t:file manage_file_perms;
 
-- 
1.7.8.6