|
@@ -1,9 +1,13 @@
|
|
|
-policy_module(portage_additional, 0.0.1)
|
|
|
+policy_module(portage_additional, 0.0.2)
|
|
|
|
|
|
require {
|
|
|
type portage_fetch_t;
|
|
|
+ type portage_sandbox_t;
|
|
|
type portage_t;
|
|
|
type etc_t;
|
|
|
+ type ldconfig_cache_t;
|
|
|
+ type unlabeled_t;
|
|
|
+ type usr_t;
|
|
|
}
|
|
|
|
|
|
files_list_boot(portage_fetch_t)
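Review bot: The three new `require` entries (`ldconfig_cache_t`, `unlabeled_t`, `usr_t`) name types owned by other policy modules, so this module now depends on their internals rather than on their interfaces, which the file otherwise uses (`files_list_boot`, `corenet_udp_bind_generic_node`). Where the reference policy provides an interface for the access, prefer it and drop the type from `require`, for example `files_exec_usr_files(portage_t)` in place of the `usr_t` execute rule added in the second hunk. A one-line comment above each remaining entry naming the denial it answers, such as `# needed for: <denial summary placeholder>`, would let a later reviewer tell which grants are still required.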
|
|
@@ -16,3 +20,10 @@ files_manage_var_dirs(portage_fetch_t)
|
|
|
allow portage_fetch_t etc_t:file link;
|
|
|
|
|
|
corenet_udp_bind_generic_node(portage_t)
|
|
|
+allow portage_t self:process ptrace;
|
|
|
+allow portage_t unlabeled_t:file { execute execute_no_trans map relabelfrom relabelto };
|
|
|
+allow portage_t usr_t:file { execute execute_no_trans };
|
|
|
+
|
|
|
+
|
|
|
+allow portage_sandbox_t ldconfig_cache_t:file map;
|
|
|
+
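Review bot: The rule `allow portage_t unlabeled_t:file { execute execute_no_trans map relabelfrom relabelto };` lets portage_t run any file that has lost or never received a label, in its own domain and with its full privileges, so labeling no longer protects against the very files whose origin is unknown. If the underlying need is to repair labels after a merge, keep only that, `allow portage_t unlabeled_t:file relabelfrom;`, and correct the file contexts so binaries are labeled before they are executed. The `relabelto` permission on `unlabeled_t` looks like audit2allow output and is probably not needed, though the denials are not visible here. `allow portage_t self:process ptrace;` should carry a comment stating which build step needs it, since it lets any portage_t process attach to another one. The bare `+` lines at the end of the hunk add only blank lines.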
|