Gentoo Archives: gentoo-hardened

From: Luis Ressel <aranea@×××××.de>
To: gentoo-hardened@l.g.o
Subject: [gentoo-hardened] [PATCH 3/4] portage: New read-only interfaces for srcrepo and logs
Date: Thu, 15 Oct 2015 10:45:03
Message-Id: 1444905883-17436-3-git-send-email-aranea@aixah.de
In Reply to: [gentoo-hardened] [PATCH 1/4] portage: Dontaudit setattr in portage_dontaudit_write_cache by Luis Ressel
Create portage_read_srcrepo and portage_read_log interfaces.
---
policy/modules/contrib/portage.if | 40 +++++++++++++++++++++++++++++++++++++++
1 file changed, 40 insertions(+)

diff --git a/policy/modules/contrib/portage.if b/policy/modules/contrib/portage.if
index 4652319..962dcca 100644
--- a/policy/modules/contrib/portage.if
+++ b/policy/modules/contrib/portage.if
@@ -498,6 +498,46 @@ interface(`portage_read_ebuild',`

########################################
## <summary>
+## Read portage log files
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access
+## </summary>
+## </param>
+#
+interface(`portage_read_log',`
+ gen_require(`
+ type portage_log_t;
+ ')
+
+ logging_search_logs($1)
+ read_files_pattern($1, portage_log_t, portage_log_t)
+')
+
+########################################
+## <summary>
+## Read portage src repository files
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access
+## </summary>
+## </param>
+#
+interface(`portage_read_srcrepo',`
+ gen_require(`
+ type portage_ebuild_t, portage_srcrepo_t;
+ ')
+
+ files_search_usr($1)
+ list_dirs_pattern($1, portage_ebuild_t, portage_srcrepo_t)
+ read_files_pattern($1, portage_srcrepo_t, portage_srcrepo_t)
+ read_lnk_files_pattern($1, portage_srcrepo_t, portage_srcrepo_t)
+')
+
+########################################
+## <summary>
## Do not audit writing portage cache files
## </summary>
## <param name="domain">
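Review bot: portage_read_log only calls read_files_pattern on portage_log_t, which grants search on portage_log_t directories but not read, so a caller can open a known log file yet cannot list the log directory; portage_read_srcrepo in the same hunk does grant listing via list_dirs_pattern. Consider adding `list_dirs_pattern($1, portage_log_t, portage_log_t)` (and, if any log path may be a symlink, a matching `read_lnk_files_pattern`) so the two new read interfaces behave consistently.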
--
2.6.1