From: pebenito@ieee.org (Chris PeBenito)
Date: Tue, 12 Sep 2017 18:56:32 -0400
Subject: [refpolicy] [PATCH] portage: Grant the map permissions
 neccessary for git and install
In-Reply-To: <20170911064021.6469-1-aranea@aixah.de>
References: <20170911064021.6469-1-aranea@aixah.de>
Message-ID: <45859c21-503b-0e82-cf64-ca8d90a846d0@ieee.org>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 09/11/2017 02:40 AM, Luis Ressel via refpolicy wrote:
> ---
>   portage.if | 4 ++++
>   1 file changed, 4 insertions(+)
> 
> diff --git a/portage.if b/portage.if
> index 5e8eb2ba..c0c7e9be 100644
> --- a/portage.if
> +++ b/portage.if
> @@ -102,6 +102,7 @@ interface(`portage_compile_domain',`
>   	manage_dirs_pattern($1, portage_srcrepo_t, portage_srcrepo_t)
>   	manage_files_pattern($1, portage_srcrepo_t, portage_srcrepo_t)
>   	manage_lnk_files_pattern($1, portage_srcrepo_t, portage_srcrepo_t)
> +	allow $1 portage_srcrepo_t:file map;
>   
>   	# run scripts out of the build directory
>   	can_exec(portage_sandbox_t, portage_tmp_t)
> @@ -187,6 +188,9 @@ interface(`portage_compile_domain',`
>   	# SELinux-enabled programs running in the sandbox
>   	seutil_libselinux_linked($1)
>   
> +	# required by install
> +	seutil_read_file_contexts($1)
> +
>   	tunable_policy(`portage_use_nfs',`
>   		fs_getattr_nfs($1)
>   		fs_manage_nfs_dirs($1)

Merged.

-- 
Chris PeBenito