From: aranea@aixah.de (Luis Ressel)
Date: Tue, 12 Sep 2017 03:47:37 +0200
Subject: [refpolicy] [PATCH] portage: Grant the map permissions
 neccessary for git and install
In-Reply-To: <fddd8796-3bc9-177a-7f2b-3753059c4e04@ieee.org>
References: <20170911064021.6469-1-aranea@aixah.de>
	<fddd8796-3bc9-177a-7f2b-3753059c4e04@ieee.org>
Message-ID: <20170912034737.5e2cfe8a@vega.skynet.aixah.de>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Mon, 11 Sep 2017 20:12:51 -0400
Chris PeBenito via refpolicy <refpolicy@oss.tresys.com> wrote:

> On 09/11/2017 02:40 AM, Luis Ressel via refpolicy wrote:
> > ---
> >   portage.if | 4 ++++
> >   1 file changed, 4 insertions(+)
> > 
> > diff --git a/portage.if b/portage.if
> > index 5e8eb2ba..c0c7e9be 100644
> > --- a/portage.if
> > +++ b/portage.if
> > @@ -102,6 +102,7 @@ interface(`portage_compile_domain',`
> >   	manage_dirs_pattern($1, portage_srcrepo_t,
> > portage_srcrepo_t) manage_files_pattern($1, portage_srcrepo_t,
> > portage_srcrepo_t) manage_lnk_files_pattern($1, portage_srcrepo_t,
> > portage_srcrepo_t)
> > +	allow $1 portage_srcrepo_t:file map;  
> 
> When you say needed for git, is this when using an ebuild that builds 
> from a git repo rather than unpacking a tarball?  What is it mapping?

Exactly, this is for live ebuilds and other users of git repos. git
maps its packfiles, and doesn't fall back to read().
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20170912/5c7ec51b/attachment.bin