From: pebenito@ieee.org (Chris PeBenito) Date: Mon, 11 Sep 2017 20:11:23 -0400 Subject: [refpolicy] [PATCH 3/3] portage: Allow portage_t and portage_sandbox_t to access locale_t In-Reply-To: <20170911031829.4163-3-aranea@aixah.de> References: <20170911031829.4163-1-aranea@aixah.de> <20170911031829.4163-3-aranea@aixah.de> Message-ID: <677abea3-7a80-9507-da4f-aeb281f3eccf@ieee.org> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 09/10/2017 11:18 PM, Luis Ressel via refpolicy wrote: > This didn't crop out until now due to portage's wideranging access, but > it's neccessary now for the map permission. > > I'm aware adding the interface directly for portage_t is redundant, but > I'm doing it nevertheless in case we ever remove > portage_compile_domain(portage_t). > --- > portage.if | 2 ++ > portage.te | 2 ++ > 2 files changed, 4 insertions(+) > > diff --git a/portage.if b/portage.if > index 3447a45..5e8eb2b 100644 > --- a/portage.if > +++ b/portage.if > @@ -180,6 +180,8 @@ interface(`portage_compile_domain',` > > logging_send_syslog_msg($1) > > + miscfiles_read_localization($1) > + > userdom_use_user_terminals($1) > > # SELinux-enabled programs running in the sandbox > diff --git a/portage.te b/portage.te > index 903d0d1..4a80703 100644 > --- a/portage.te > +++ b/portage.te > @@ -195,6 +195,8 @@ auth_manage_shadow(portage_t) > # merging baselayout will need this: > init_exec(portage_t) > > +miscfiles_read_localization(portage_t) > + > # run setfiles -r > seutil_run_setfiles(portage_t, portage_roles) > # run semodule Merged. -- Chris PeBenito