From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Sat, 10 Nov 2012 17:50:15 +0100
Subject: [refpolicy] [PATCH 2/5] Portage fetch domain needs to access
	certificates
In-Reply-To: <1352566218-17772-1-git-send-email-sven.vermeulen@siphos.be>
References: <1352566218-17772-1-git-send-email-sven.vermeulen@siphos.be>
Message-ID: <1352566218-17772-3-git-send-email-sven.vermeulen@siphos.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

When source code is available through a secured connection location (HTTPS),
portage invokes wget in the portage_fetch_t domain, but needs to access the
certificates on the system to verify the validity of the remotely presented
certificate.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
---
 portage.te |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/portage.te b/portage.te
index 1425e30..78ab51e 100644
--- a/portage.te
+++ b/portage.te
@@ -309,6 +309,7 @@ term_search_ptys(portage_fetch_t)
 
 auth_use_nsswitch(portage_fetch_t)
 
+miscfiles_read_generic_certs(portage_fetch_t)
 miscfiles_read_localization(portage_fetch_t)
 
 userdom_use_user_terminals(portage_fetch_t)
-- 
1.7.8.6