|
|
@@ -1,4 +1,4 @@
|
|
|
-policy_module(portage_additional, 0.0.3)
|
|
|
+policy_module(portage_additional, 0.0.4)
|
|
|
|
|
|
require {
|
|
|
type portage_fetch_t;
|
|
|
@@ -24,9 +24,13 @@ allow portage_fetch_t etc_t:file link;
|
|
|
|
|
|
corenet_udp_bind_generic_node(portage_t)
|
|
|
files_manage_etc_files(portage_t)
|
|
|
+kernel_read_crypto_sysctls(portage_t)
|
|
|
allow portage_t self:process ptrace;
|
|
|
+allow portage_t self:capability sys_resource;
|
|
|
allow portage_t unlabeled_t:file { execute execute_no_trans map relabelfrom relabelto };
|
|
|
allow portage_t usr_t:file { execute execute_no_trans };
|
|
|
+allow portage_t etc_t:file { relabelfrom relabelto };
|
|
|
+
|
|
|
|
|
|
|
|
|
allow portage_sandbox_t ldconfig_cache_t:file map;
|
