From: pebenito@ieee.org (Chris PeBenito) Date: Tue, 19 Sep 2017 18:36:53 -0400 Subject: [refpolicy] [PATCH] portage: Grant portage the map permission on usr_t In-Reply-To: <20170919164021.19528-2-aranea@aixah.de> References: <20170919164021.19528-1-aranea@aixah.de> <20170919164021.19528-2-aranea@aixah.de> Message-ID: <6e571173-00d6-2e57-a516-83755ec1df07@ieee.org> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 09/19/2017 12:40 PM, Luis Ressel via refpolicy wrote: > This is needed for eselect, which portage automatically invokes in some > situations. > --- > portage.te | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/portage.te b/portage.te > index 3b28f81..269329b 100644 > --- a/portage.te > +++ b/portage.te > @@ -186,6 +186,8 @@ domain_dontaudit_read_all_domains_state(portage_t) > > # modify any files in the system > files_manage_all_files(portage_t) > +# eselect uses file, which mmap()s its db > +files_map_usr(portage_t) > > selinux_get_fs_mount(portage_t) Merged, though it needed to be fixed to use the existing interface. -- Chris PeBenito