From: jason@perfinion.com (Jason Zaman)
Date: Fri, 8 Jun 2018 17:53:41 +0800
Subject: [refpolicy] [PATCH 5/5] Allow portage to use GPG for tree signature verification
In-Reply-To: <20180608095341.20837-1-jason@perfinion.com>
References: <20180608095341.20837-1-jason@perfinion.com>
Message-ID: <20180608095341.20837-5-jason@perfinion.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com
---
 dirmngr.te | 6 ++++++
 gpg.te | 12 ++++++++++++
 portage.te | 4 ++++
 3 files changed, 22 insertions(+)
diff --git a/dirmngr.te b/dirmngr.te
index 983de0c..d087f0e 100644
--- a/dirmngr.te
+++ b/dirmngr.te
@@ -89,3 +89,9 @@ optional_policy(`
 gpg_secret_filetrans(dirmngr_t, dirmngr_home_t, dir)
 gpg_stream_connect_agent(dirmngr_t)
 ')
+
+ifdef(`distro_gentoo',`
+ optional_policy(`
+ portage_manage_tmp(dirmngr_t)
+ ')
+')
diff --git a/gpg.te b/gpg.te
index 3420a21..fe407f5 100644
--- a/gpg.te
+++ b/gpg.te
@@ -193,6 +193,12 @@ optional_policy(`
 xserver_rw_xdm_pipes(gpg_t)
 ')
 
+ifdef(`distro_gentoo',`
+ optional_policy(`
+ portage_manage_tmp(gpg_t)
+ ')
+')
+
 ########################################
 #
 # Helper local policy
@@ -318,6 +324,12 @@ optional_policy(`
 xserver_read_user_xauth(gpg_agent_t)
 ')
 
+ifdef(`distro_gentoo',`
+ optional_policy(`
+ portage_manage_tmp(gpg_agent_t)
+ ')
+')
+
 ##############################
 #
 # Pinentry local policy
diff --git a/portage.te b/portage.te
index 2146005..4b72a16 100644
--- a/portage.te
+++ b/portage.te
@@ -218,6 +218,10 @@ optional_policy(`
 cron_system_entry(portage_fetch_t, portage_fetch_exec_t)
 ')
 
+optional_policy(`
+ gpg_domtrans(portage_t)
+')
+
 optional_policy(`
 modutils_run(portage_t, portage_roles)
 #dontaudit update_modules_t portage_tmp_t:dir search_dir_perms;
-- 
2.16.4
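Review bot: `portage_manage_tmp(dirmngr_t)` in the dirmngr.te hunk, and the same call for `gpg_t` and `gpg_agent_t` in the two gpg.te hunks, gives the general-purpose GnuPG domains manage-level access to portage's temporary files rather than to a location set aside for verification. The interface body is not visible in this patch, but if that label also covers package build trees, then any gpg process on a Gentoo system, not only one started by portage, could modify them. It is worth checking whether a dedicated type for the verification keyring directory, or a narrower permission set than manage, would be enough. At minimum each block should record why it exists, for example `# portage tree verification: gpg keeps its keyring and sockets under portage's tmp dir`, reworded to match what portage actually does, which the patch does not state.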
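Review bot: `gpg_domtrans(portage_t)` in the portage.te hunk grants only the type transition, whereas the neighbouring context line `modutils_run(portage_t, portage_roles)` also passes the role set. Unless gpg_t is already authorised for `portage_roles` somewhere outside this hunk, the transition may still be refused by the role check. The rule also covers `portage_t` alone; if signature verification runs during a tree sync, the fetch domain visible in the context (`portage_fetch_t`) would not get this transition, so confirm against the audit log which domain actually executes gpg. A one-line comment above the block, such as `# run tree signature verification in the gpg domain rather than inside portage_t`, would document the intent.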