From: aranea@aixah.de (Luis Ressel) Date: Mon, 11 Sep 2017 05:18:29 +0200 Subject: [refpolicy] [PATCH 3/3] portage: Allow portage_t and portage_sandbox_t to access locale_t In-Reply-To: <20170911031829.4163-1-aranea@aixah.de> References: <20170911031829.4163-1-aranea@aixah.de> Message-ID: <20170911031829.4163-3-aranea@aixah.de> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com This didn't crop out until now due to portage's wideranging access, but it's neccessary now for the map permission. I'm aware adding the interface directly for portage_t is redundant, but I'm doing it nevertheless in case we ever remove portage_compile_domain(portage_t). --- portage.if | 2 ++ portage.te | 2 ++ 2 files changed, 4 insertions(+) diff --git a/portage.if b/portage.if index 3447a45..5e8eb2b 100644 --- a/portage.if +++ b/portage.if @@ -180,6 +180,8 @@ interface(`portage_compile_domain',` logging_send_syslog_msg($1) + miscfiles_read_localization($1) + userdom_use_user_terminals($1) # SELinux-enabled programs running in the sandbox diff --git a/portage.te b/portage.te index 903d0d1..4a80703 100644 --- a/portage.te +++ b/portage.te @@ -195,6 +195,8 @@ auth_manage_shadow(portage_t) # merging baselayout will need this: init_exec(portage_t) +miscfiles_read_localization(portage_t) + # run setfiles -r seutil_run_setfiles(portage_t, portage_roles) # run semodule -- 2.14.1