From: aranea@aixah.de (Luis Ressel)
Date: Tue, 19 Sep 2017 18:40:21 +0200
Subject: [refpolicy] [PATCH] portage: Grant portage the map permission on
	usr_t
In-Reply-To: <20170919164021.19528-1-aranea@aixah.de>
References: <20170919164021.19528-1-aranea@aixah.de>
Message-ID: <20170919164021.19528-2-aranea@aixah.de>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

This is needed for eselect, which portage automatically invokes in some
situations.
---
 portage.te | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/portage.te b/portage.te
index 3b28f81..269329b 100644
--- a/portage.te
+++ b/portage.te
@@ -186,6 +186,8 @@ domain_dontaudit_read_all_domains_state(portage_t)
 
 # modify any files in the system
 files_manage_all_files(portage_t)
+# eselect uses file, which mmap()s its db
+files_map_usr(portage_t)
 
 selinux_get_fs_mount(portage_t)
 
-- 
2.14.1