From: dominick.grift@gmail.com (Dominick Grift)
Date: Wed, 14 Nov 2012 19:08:24 +0100
Subject: [refpolicy] [PATCH 2/5] Portage fetch domain needs to access
 certificates
In-Reply-To: <1352566218-17772-3-git-send-email-sven.vermeulen@siphos.be>
References: <1352566218-17772-1-git-send-email-sven.vermeulen@siphos.be>
	<1352566218-17772-3-git-send-email-sven.vermeulen@siphos.be>
Message-ID: <1352916504.3654.4.camel@d30.localdomain>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com



On Sat, 2012-11-10 at 17:50 +0100, Sven Vermeulen wrote:
> When source code is available through a secured connection location (HTTPS),
> portage invokes wget in the portage_fetch_t domain, but needs to access the
> certificates on the system to verify the validity of the remotely presented
> certificate.
> 
> Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
> ---
>  portage.te |    1 +
>  1 files changed, 1 insertions(+), 0 deletions(-)
> 
> diff --git a/portage.te b/portage.te
> index 1425e30..78ab51e 100644
> --- a/portage.te
> +++ b/portage.te
> @@ -309,6 +309,7 @@ term_search_ptys(portage_fetch_t)
>  
>  auth_use_nsswitch(portage_fetch_t)
>  
> +miscfiles_read_generic_certs(portage_fetch_t)
>  miscfiles_read_localization(portage_fetch_t)
>  
>  userdom_use_user_terminals(portage_fetch_t)

This is merged, thanks