From: aranea@aixah.de (Luis Ressel) Date: Tue, 12 Sep 2017 09:16:43 +0200 Subject: [refpolicy] [PATCH] portage: Add an interface to dontaudit accesses to ptys inherited from portage Message-ID: <20170912071643.22114-1-aranea@aixah.de> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com --- portage.if | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/portage.if b/portage.if index c0c7e9b..77bc1d2 100644 --- a/portage.if +++ b/portage.if @@ -359,3 +359,23 @@ interface(`portage_dontaudit_rw_tmp_files',` dontaudit $1 portage_tmp_t:file rw_file_perms; ') + +######################################## +## +## Do not audit attempts to read and write +## portage ptys. +## +## +## +## Domain to not audit. +## +## +# +interface(`portage_dontaudit_use_ptys',` + gen_require(` + type portage_devpts_t; + ') + + dontaudit $1 portage_devpts_t:chr_file rw_inherited_term_perms; + term_dontaudit_use_ptmx($1) +') -- 2.14.1
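Review bot: the summary comment on `portage_dontaudit_use_ptys` ("Do not audit attempts to read and write portage ptys") does not match what the interface body does. The rule is limited to `rw_inherited_term_perms`, which agrees with the "ptys inherited from portage" wording in the subject line but not with the summary. The body also calls `term_dontaudit_use_ptmx($1)`, which the summary does not mention at all. Suggest rewording the summary to say "inherited portage ptys" and either documenting the ptmx suppression or dropping that call if the intended callers do not need it. Because dontaudit rules remove the matching AVC denials from the audit log, it would also help for the commit message to name the domain that triggers these denials. The diffstat shows only portage.if changing, so no caller of the new interface is visible in this patch.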