commit:     07e4b0512b2184ad03b2800e2d3478427768ef06
Author:     Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Mon Nov 23 15:23:32 2015 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sat Dec 19 03:11:08 2015 +0000
URL:        
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=07e4b051

portage: allow portage to rw all MLS levels

Without this, portage cannot merge packages that are trusted.
e.g. sys-process/audit fails to merge /etc/audit/ because it is at level s15.

 policy/modules/contrib/portage.te | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/policy/modules/contrib/portage.te 
b/policy/modules/contrib/portage.te
index 2f62eb6..19bd8c8 100644
--- a/policy/modules/contrib/portage.te
+++ b/policy/modules/contrib/portage.te
@@ -449,6 +449,11 @@ gen_tunable(portage_enable_test, false)
        corecmd_relabel_bin_files(portage_t)
        corecmd_relabel_bin_lnk_files(portage_t)
 
+       mls_file_read_all_levels(portage_t)
+       mls_file_write_all_levels(portage_t)
+       mls_file_upgrade(portage_t)
+       mls_file_downgrade(portage_t)
+
        auth_use_nsswitch(portage_t)
 
        # Support cgroup FEATURES
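Review bot: The four `mls_file_*` calls added after `corecmd_relabel_bin_lnk_files(portage_t)` lift the MLS file constraints for portage_t in both directions, and nothing in the policy source records why. The commit message only motivates merging files at a higher level (/etc/audit at s15), so it is worth confirming that `mls_file_read_all_levels` and especially `mls_file_downgrade` are actually needed, since downgrade is the grant that lets a domain lower a file's level. I would add a comment above the group, for example `# portage merges files at any MLS level, e.g. /etc/audit at s15`, and note there which of the four were shown to be required. The indentation suggests these lines sit inside a block opened outside the hunk, so the condition under which they apply cannot be checked from here.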
