From: dominick.grift@gmail.com (Dominick Grift)
Date: Tue, 02 Oct 2012 10:55:26 +0200
Subject: [refpolicy] [PATCH] added autofs support
In-Reply-To: <1349162752-12909-1-git-send-email-mthode@mthode.org>
References: <1349162752-12909-1-git-send-email-mthode@mthode.org>
Message-ID: <1349168126.25773.2.camel@d30.localdomain>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com



On Tue, 2012-10-02 at 02:25 -0500, Matthew Thode wrote:
> adds autofs support to portage, needed for using portage on nfs on autofs.
> 
> ---
>  portage.te |    3 +++
>  1 files changed, 3 insertions(+), 0 deletions(-)
> 
> diff --git a/portage.te b/portage.te
> index 630f16f..128e7d6 100644
> --- a/portage.te
> +++ b/portage.te
> @@ -298,6 +298,9 @@ files_read_usr_files(portage_fetch_t)
>  files_search_var_lib(portage_fetch_t)
>  files_dontaudit_search_pids(portage_fetch_t)
>  
> +fs_search_auto_mountpoints(portage_fetch_t)
> +dev_rw_autofs(portage_fetch_t)
> +
>  logging_list_logs(portage_fetch_t)
>  logging_dontaudit_search_logs(portage_fetch_t)
>  

This is wrong but this reply is mainly just a note to self.

So far i established that we need the following instead:

+tunable_policy(`portage_use_nfs',`
+	fs_getattr_nfs(portage_t)
+')

+fs_search_auto_mountpoints(portage_fetch_t)
 
+auth_use_nsswitch(portage_fetch_t)