From: pebenito@ieee.org (Chris PeBenito)
Date: Mon, 11 Sep 2017 20:11:23 -0400
Subject: [refpolicy] [PATCH 3/3] portage: Allow portage_t and
 portage_sandbox_t to access locale_t
In-Reply-To: <20170911031829.4163-3-aranea@aixah.de>
References: <20170911031829.4163-1-aranea@aixah.de>
	<20170911031829.4163-3-aranea@aixah.de>
Message-ID: <677abea3-7a80-9507-da4f-aeb281f3eccf@ieee.org>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 09/10/2017 11:18 PM, Luis Ressel via refpolicy wrote:
> This didn't crop out until now due to portage's wideranging access, but
> it's neccessary now for the map permission.
> 
> I'm aware adding the interface directly for portage_t is redundant, but
> I'm doing it nevertheless in case we ever remove
> portage_compile_domain(portage_t).
> ---
>   portage.if | 2 ++
>   portage.te | 2 ++
>   2 files changed, 4 insertions(+)
> 
> diff --git a/portage.if b/portage.if
> index 3447a45..5e8eb2b 100644
> --- a/portage.if
> +++ b/portage.if
> @@ -180,6 +180,8 @@ interface(`portage_compile_domain',`
>   
>   	logging_send_syslog_msg($1)
>   
> +	miscfiles_read_localization($1)
> +
>   	userdom_use_user_terminals($1)
>   
>   	# SELinux-enabled programs running in the sandbox
> diff --git a/portage.te b/portage.te
> index 903d0d1..4a80703 100644
> --- a/portage.te
> +++ b/portage.te
> @@ -195,6 +195,8 @@ auth_manage_shadow(portage_t)
>   # merging baselayout will need this:
>   init_exec(portage_t)
>   
> +miscfiles_read_localization(portage_t)
> +
>   # run setfiles -r
>   seutil_run_setfiles(portage_t, portage_roles)
>   # run semodule

Merged.

-- 
Chris PeBenito