From: pebenito@ieee.org (Chris PeBenito)
Date: Tue, 19 Sep 2017 18:36:53 -0400
Subject: [refpolicy] [PATCH] portage: Grant portage the map permission
 on usr_t
In-Reply-To: <20170919164021.19528-2-aranea@aixah.de>
References: <20170919164021.19528-1-aranea@aixah.de>
	<20170919164021.19528-2-aranea@aixah.de>
Message-ID: <6e571173-00d6-2e57-a516-83755ec1df07@ieee.org>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 09/19/2017 12:40 PM, Luis Ressel via refpolicy wrote:
> This is needed for eselect, which portage automatically invokes in some
> situations.
> ---
>   portage.te | 2 ++
>   1 file changed, 2 insertions(+)
> 
> diff --git a/portage.te b/portage.te
> index 3b28f81..269329b 100644
> --- a/portage.te
> +++ b/portage.te
> @@ -186,6 +186,8 @@ domain_dontaudit_read_all_domains_state(portage_t)
>   
>   # modify any files in the system
>   files_manage_all_files(portage_t)
> +# eselect uses file, which mmap()s its db
> +files_map_usr(portage_t)
>   
>   selinux_get_fs_mount(portage_t)

Merged, though it needed to be fixed to use the existing interface.


-- 
Chris PeBenito