commit:     553716fd62a9e2fa69786b099562a965eefd49c8
Author:     Luis Ressel <aranea <AT> aixah <DOT> de>
AuthorDate: Mon Sep 11 06:40:21 2017 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Thu Sep 14 19:34:44 2017 +0000
URL:        
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=553716fd

portage: Grant the map permissions necessary for git and install

 policy/modules/contrib/portage.if | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/policy/modules/contrib/portage.if 
b/policy/modules/contrib/portage.if
index 9f7be361..6388110e 100644
--- a/policy/modules/contrib/portage.if
+++ b/policy/modules/contrib/portage.if
@@ -105,6 +105,7 @@ interface(`portage_compile_domain',`
        manage_dirs_pattern($1, portage_srcrepo_t, portage_srcrepo_t)
        manage_files_pattern($1, portage_srcrepo_t, portage_srcrepo_t)
        manage_lnk_files_pattern($1, portage_srcrepo_t, portage_srcrepo_t)
+       allow $1 portage_srcrepo_t:file map;
 
        # run scripts out of the build directory
        can_exec(portage_sandbox_t, portage_tmp_t)
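Review bot: The added `allow $1 portage_srcrepo_t:file map;` has no comment, and it sits in the shared `portage_compile_domain` interface, so every domain that calls the interface gains `map` on source-repository files it can already write through `manage_files_pattern`. The commit title ties the rule to git. If only the domain that runs git needs it, the rule would be narrower on that domain; this cannot be checked here because the interface body starts and ends outside the hunk. At minimum, a comment such as `# git maps files in the source repository` above the rule would record why it is there.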
@@ -193,6 +194,9 @@ interface(`portage_compile_domain',`
        # SELinux-enabled programs running in the sandbox
        seutil_libselinux_linked($1)
 
+       # required by install
+       seutil_read_file_contexts($1)
+
        tunable_policy(`portage_use_nfs',`
                fs_getattr_nfs($1)
                fs_manage_nfs_dirs($1)
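Review bot: The comment `# required by install` does not say which access install needs, and the commit title speaks of map permissions while the added call is `seutil_read_file_contexts($1)`. Presumably the map permission is granted inside that interface and install uses it to look up default file contexts, but neither is visible in this hunk. A comment like `# install looks up default file contexts (read and map of file_contexts)` would make the grant auditable. The enclosing interface continues outside the hunk.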
