From: mthode@mthode.org (Matthew Thode)
Date: Tue, 2 Oct 2012 08:59:17 -0500
Subject: [refpolicy] [PATCH] removed the rw autofs stuff added nfs search for portage_t and allowed use of nsswitch
In-Reply-To: <1349168126.25773.2.camel@d30.localdomain>
References: <1349168126.25773.2.camel@d30.localdomain>
Message-ID: <1349186357-19745-1-git-send-email-mthode@mthode.org>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Subject more or less speaks for itself, lessened the permissions needed from autofs and fixed a couple of AVC denials with grift's help in IRC, thanks :D

--- portage.te | 4 +++- 1 files changed, 3 insertions(+), 1 deletions(-) diff --git a/portage.te b/portage.te index 128e7d6..321b1ac 100644 --- a/portage.te +++ b/portage.te @@ -193,6 +193,8 @@ files_manage_all_files(portage_t) selinux_get_fs_mount(portage_t) auth_manage_shadow(portage_t) +auth_use_nsswitch(portage_fetch_t) +auth_use_nsswitch(portage_sandbox_t) # merging baselayout will need this: init_exec(portage_t) @@ -299,7 +301,6 @@ files_search_var_lib(portage_fetch_t) files_dontaudit_search_pids(portage_fetch_t) fs_search_auto_mountpoints(portage_fetch_t) -dev_rw_autofs(portage_fetch_t) logging_list_logs(portage_fetch_t) logging_dontaudit_search_logs(portage_fetch_t) @@ -321,6 +322,7 @@ ifdef(`hide_broken_symptoms',` ') tunable_policy(`portage_use_nfs',` + fs_getattr_nfs(portage_t) fs_getattr_nfs(portage_fetch_t) fs_manage_nfs_dirs(portage_fetch_t) fs_manage_nfs_files(portage_fetch_t) -- 1.7.8.6
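
Review bot: In the first hunk (@@ -193,6 +193,8 @@), the two auth_use_nsswitch() calls for portage_fetch_t and portage_sandbox_t are placed in the middle of the portage_t rules, between auth_manage_shadow(portage_t) and init_exec(portage_t). Move each call into the rule block of its own domain (the portage_fetch_t rules are the ones touched by the next hunk) so that someone auditing a single domain sees all of its permissions in one place. The commit message mentions "a couple of AVC denials" without quoting them; including the denials would let reviewers confirm that both domains need nsswitch access rather than only one of them.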
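
Review bot: In the second hunk (@@ -299,7 +301,6 @@), removing dev_rw_autofs(portage_fetch_t) leaves fs_search_auto_mountpoints(portage_fetch_t) as the only autofs-related rule visible for this domain, and the commit message does not say how the reduced permission set was tested. Please state that a fetch into an automounted directory was run in enforcing mode without new denials, so the removal is known to be sufficient rather than just unexercised.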
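
Review bot: In the third hunk (@@ -321,6 +322,7 @@), the subject line says "added nfs search for portage_t" but the rule added is fs_getattr_nfs(portage_t), which is a getattr permission and not a directory search. Either reword the subject to say getattr or, if the denial being fixed was a search, use the matching search interface instead; quoting the AVC in the commit message would settle which one is intended.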