1 |
commit: 07e4b0512b2184ad03b2800e2d3478427768ef06 |
2 |
Author: Jason Zaman <jason <AT> perfinion <DOT> com> |
3 |
AuthorDate: Mon Nov 23 15:23:32 2015 +0000 |
4 |
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> |
5 |
CommitDate: Sat Dec 19 03:11:08 2015 +0000 |
6 |
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=07e4b051 |
7 |
|
8 |
portage: allow portage to rw all MLS levels |
9 |
|
10 |
Without this, portage cannot merge packages that are trusted. |
11 |
eg. sys-process/audit fails to merge /etc/audit/ because it is s15. |
12 |
|
13 |
policy/modules/contrib/portage.te | 5 +++++ |
14 |
1 file changed, 5 insertions(+) |
15 |
|
16 |
diff --git a/policy/modules/contrib/portage.te b/policy/modules/contrib/portage.te |
17 |
index 2f62eb6..19bd8c8 100644 |
18 |
--- a/policy/modules/contrib/portage.te |
19 |
+++ b/policy/modules/contrib/portage.te |
20 |
@@ -449,6 +449,11 @@ gen_tunable(portage_enable_test, false) |
21 |
corecmd_relabel_bin_files(portage_t) |
22 |
corecmd_relabel_bin_lnk_files(portage_t) |
23 |
|
24 |
+ mls_file_read_all_levels(portage_t) |
25 |
+ mls_file_write_all_levels(portage_t) |
26 |
+ mls_file_upgrade(portage_t) |
27 |
+ mls_file_downgrade(portage_t) |
28 |
+ |
29 |
auth_use_nsswitch(portage_t) |
30 |
|
31 |
# Support cgroup FEATURES |