From: aranea@aixah.de (Luis Ressel) Date: Tue, 12 Sep 2017 03:47:37 +0200 Subject: [refpolicy] [PATCH] portage: Grant the map permissions neccessary for git and install In-Reply-To: References: <20170911064021.6469-1-aranea@aixah.de> Message-ID: <20170912034737.5e2cfe8a@vega.skynet.aixah.de> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On Mon, 11 Sep 2017 20:12:51 -0400 Chris PeBenito via refpolicy wrote: > On 09/11/2017 02:40 AM, Luis Ressel via refpolicy wrote: > > --- > > portage.if | 4 ++++ > > 1 file changed, 4 insertions(+) > > > > diff --git a/portage.if b/portage.if > > index 5e8eb2ba..c0c7e9be 100644 > > --- a/portage.if > > +++ b/portage.if > > @@ -102,6 +102,7 @@ interface(`portage_compile_domain',` > > manage_dirs_pattern($1, portage_srcrepo_t, > > portage_srcrepo_t) manage_files_pattern($1, portage_srcrepo_t, > > portage_srcrepo_t) manage_lnk_files_pattern($1, portage_srcrepo_t, > > portage_srcrepo_t) > > + allow $1 portage_srcrepo_t:file map; > > When you say needed for git, is this when using an ebuild that builds > from a git repo rather than unpacking a tarball? What is it mapping? Exactly, this is for live ebuilds and other users of git repos. git maps its packfiles, and doesn't fall back to read(). -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 833 bytes Desc: OpenPGP digital signature Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20170912/5c7ec51b/attachment.bin