Gentoo Archives: gentoo-hardened

From: Luis Ressel <aranea@×××××.de>
To: gentoo-hardened@l.g.o
Subject: [gentoo-hardened] [PATCH 2/4] portage: Fix the gen_require of the portage_compile_domain interface
Date: Thu, 15 Oct 2015 10:46:07
Message-Id: 1444905883-17436-2-git-send-email-aranea@aixah.de
In Reply to: [gentoo-hardened] [PATCH 1/4] portage: Dontaudit setattr in portage_dontaudit_write_cache by Luis Ressel
1 The portage_compile_domain interface used portage_sandbox_t without
2 requiring it.
3 ---
4 policy/modules/contrib/portage.if | 4 ++--
5 1 file changed, 2 insertions(+), 2 deletions(-)
6
7 diff --git a/policy/modules/contrib/portage.if b/policy/modules/contrib/portage.if
8 index c98a763..4652319 100644
9 --- a/policy/modules/contrib/portage.if
10 +++ b/policy/modules/contrib/portage.if
11 @@ -68,8 +68,8 @@ interface(`portage_run',`
12 interface(`portage_compile_domain',`
13 gen_require(`
14 class dbus send_msg;
15 - type portage_devpts_t, portage_log_t, portage_srcrepo_t, portage_tmp_t;
16 - type portage_tmpfs_t;
17 + type portage_devpts_t, portage_log_t, portage_sandbox_t, portage_srcrepo_t;
18 + type portage_tmp_t, portage_tmpfs_t;
19 ')
20
21 allow $1 self:capability { fowner fsetid mknod setgid setuid chown dac_override net_raw };
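Review bot: In the gen_require block of portage_compile_domain, the rule that actually references portage_sandbox_t falls outside the visible context, so the fix cannot be checked from this hunk alone. Naming that rule in the commit message, or extending the context to include it, would make the change verifiable at a glance. As a style point, adding one type re-wraps both type lines (portage_tmp_t moves to the second line). That keeps the list alphabetical and is fine, but the commit message could say the re-wrap is cosmetic. Since a type was used here without being required, it may also be worth checking the other interfaces in portage.if for the same omission.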
22 --
23 2.6.1