commit: a4743ad2640e89594cd3e992e1aae01f527f4ecc Author: Luis Ressel <aranea <AT> aixah <DOT> de> AuthorDate: Tue Sep 12 07:16:57 2017 +0000 Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> CommitDate: Thu Sep 14 19:34:44 2017 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=a4743ad2
portage: Transition to ldconfig_t when calling ldconfig portage_t used to have all neccessary permissions to run ldconfig in its own domain, but ldconfig now needs map access to its cache, so it's either this or allowing portage_t to map ldconfig_cache_t. policy/modules/contrib/portage.te | 2 ++ 1 file changed, 2 insertions(+) diff --git a/policy/modules/contrib/portage.te b/policy/modules/contrib/portage.te index 9c406a8b..f64d5b6c 100644 --- a/policy/modules/contrib/portage.te +++ b/policy/modules/contrib/portage.te @@ -202,6 +202,8 @@ auth_manage_shadow(portage_t) # merging baselayout will need this: init_exec(portage_t) +libs_run_ldconfig(portage_t, portage_roles) + miscfiles_read_localization(portage_t) # run setfiles -r