Gentoo Archives: gentoo-commits

From: Jason Zaman <perfinion@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/
Date: Sun, 29 Oct 2017 20:43:11
Message-Id: 1509285448.c988737ef7f93819a734d799b1b36e4eb5e3f0ee.perfinion@gentoo
1 commit: c988737ef7f93819a734d799b1b36e4eb5e3f0ee
2 Author: Amadeusz Sławiński <amade <AT> asmblr <DOT> net>
3 AuthorDate: Tue Oct 17 21:25:45 2017 +0000
4 Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
5 CommitDate: Sun Oct 29 13:57:28 2017 +0000
6 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=c988737e
7
8 allow dac_read_search along with dac_override
9
10 newer kernels check dac_read_search first and then for more permissions
11 which are allowed by dac_override
12
13 Signed-off-by: Amadeusz Sławiński <amade <AT> asmblr.net>
14
15 policy/modules/contrib/portage.if | 2 +-
16 1 file changed, 1 insertion(+), 1 deletion(-)
17
18 diff --git a/policy/modules/contrib/portage.if b/policy/modules/contrib/portage.if
19 index 637b0d0d..a81a4d0d 100644
20 --- a/policy/modules/contrib/portage.if
21 +++ b/policy/modules/contrib/portage.if
22 @@ -72,7 +72,7 @@ interface(`portage_compile_domain',`
23 type portage_tmp_t, portage_tmpfs_t;
24 ')
25
26 - allow $1 self:capability { chown dac_override fowner fsetid mknod net_raw setgid setuid };
27 + allow $1 self:capability { chown dac_override dac_read_search fowner fsetid mknod net_raw setgid setuid };
28 dontaudit $1 self:capability sys_chroot;
29 allow $1 self:process { transition signal_perms getsched setsched getsession getpgid setpgid getcap setcap share getattr setfscreate noatsecure siginh setrlimit rlimitinh dyntransition execmem setkeycreate setsockcreate getrlimit };
30 allow $1 self:fd use;
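
Review bot: the `dac_read_search` added to the `allow $1 self:capability { ... }` rule in `portage_compile_domain` has no comment, and the commit message says only "newer kernels" without naming a version, so a later reader cannot tell why both capabilities are listed or under what condition one could be dropped. Suggest a one-line comment above the rule noting that the kernel checks dac_read_search before dac_override, and naming the kernel version in the commit message. The diffstat shows only this one rule changed, so it is also worth confirming whether any other rule in the portage policy that grants dac_override needs the same addition.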