From: aranea@aixah.de (Luis Ressel)
Date: Mon, 11 Sep 2017 08:40:21 +0200
Subject: [refpolicy] [PATCH] portage: Grant the map permissions neccessary
	for git and install
Message-ID: <20170911064021.6469-1-aranea@aixah.de>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

---
 portage.if | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/portage.if b/portage.if
index 5e8eb2ba..c0c7e9be 100644
--- a/portage.if
+++ b/portage.if
@@ -102,6 +102,7 @@ interface(`portage_compile_domain',`
 	manage_dirs_pattern($1, portage_srcrepo_t, portage_srcrepo_t)
 	manage_files_pattern($1, portage_srcrepo_t, portage_srcrepo_t)
 	manage_lnk_files_pattern($1, portage_srcrepo_t, portage_srcrepo_t)
+	allow $1 portage_srcrepo_t:file map;
 
 	# run scripts out of the build directory
 	can_exec(portage_sandbox_t, portage_tmp_t)
@@ -187,6 +188,9 @@ interface(`portage_compile_domain',`
 	# SELinux-enabled programs running in the sandbox
 	seutil_libselinux_linked($1)
 
+	# required by install
+	seutil_read_file_contexts($1)
+
 	tunable_policy(`portage_use_nfs',`
 		fs_getattr_nfs($1)
 		fs_manage_nfs_dirs($1)
-- 
2.14.1