@@ -1,4 +1,4 @@
-policy_module(portage_additional, 0.0.8)
+policy_module(portage_additional, 0.0.9)
require {
type portage_fetch_t;
@@ -39,7 +39,7 @@ files_manage_var_lib_dirs(portage_fetch_t)
manage_files_pattern(portage_fetch_t, var_lib_t, var_lib_t)
allow portage_fetch_t portage_conf_t:file write;
-allow portage_fetch_t etc_t:file link;
+allow portage_fetch_t etc_t:file { link unlink };
allow portage_fetch_t portage_ebuild_t:file map;
allow portage_fetch_t self:process execmem;
allow portage_fetch_t portage_tmp_t:dir watch;
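Review bot: The added `unlink` in `allow portage_fetch_t etc_t:file { link unlink };` applies to every file labelled with the generic `etc_t` type, so the fetch domain may now remove any such file that DAC permissions allow, not only the ones portage manages. Nothing visible in the hunk scopes the grant to a portage-owned path. If the files being replaced belong to portage's own configuration (an inference; the triggering denial is not on the page), labelling them `portage_conf_t`, which this domain can already write, and granting `allow portage_fetch_t portage_conf_t:file { link unlink };` would keep the rule narrow. If the generic grant has to stay, add a comment above it such as `# <tool> replaces <file under /etc> via link+unlink`, so the rule can be re-audited later.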
@@ -70,5 +70,6 @@ dev_getattr_fs(portage_sandbox_t)
fs_getattr_pstorefs(portage_sandbox_t)
fs_getattr_tracefs(portage_sandbox_t)
allow portage_sandbox_t zero_device_t:chr_file map;
+modutils_read_module_deps(portage_sandbox_t)
allow portage_fetch_t porticron_t:fd use;
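Review bot: The new `modutils_read_module_deps(portage_sandbox_t)` line has no comment saying which build step needs to read the kernel module dependency files from inside the sandbox. If the access is only an incidental probe by a build tool (an inference; the denial that prompted it is not on the page), a dontaudit rule would keep the sandbox domain tighter than an allow. Either way, a comment above the line such as `# <package or tool> reads module dependency files during build` would let a later audit decide whether the grant is still needed.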