commit: 07e4b0512b2184ad03b2800e2d3478427768ef06 Author: Jason Zaman <jason <AT> perfinion <DOT> com> AuthorDate: Mon Nov 23 15:23:32 2015 +0000 Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> CommitDate: Sat Dec 19 03:11:08 2015 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=07e4b051
portage: allow portage to rw all MLS levels Without this, portage cannot merge packages that are trusted. eg. sys-process/audit fails to merge /etc/audit/ because it is s15. policy/modules/contrib/portage.te | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/policy/modules/contrib/portage.te b/policy/modules/contrib/portage.te index 2f62eb6..19bd8c8 100644 --- a/policy/modules/contrib/portage.te +++ b/policy/modules/contrib/portage.te @@ -449,6 +449,11 @@ gen_tunable(portage_enable_test, false) corecmd_relabel_bin_files(portage_t) corecmd_relabel_bin_lnk_files(portage_t) + mls_file_read_all_levels(portage_t) + mls_file_write_all_levels(portage_t) + mls_file_upgrade(portage_t) + mls_file_downgrade(portage_t) + auth_use_nsswitch(portage_t) # Support cgroup FEATURES