|
@@ -1,4 +1,4 @@
|
|
|
-policy_module(portage_additional, 0.0.6)
|
|
|
+policy_module(portage_additional, 0.0.7)
|
|
|
|
|
|
require {
|
|
|
type portage_fetch_t;
|
|
@@ -11,6 +11,8 @@ require {
|
|
|
type portage_conf_t;
|
|
|
type portage_ebuild_t;
|
|
|
type proc_t;
|
|
|
+ type zero_device_t;
|
|
|
+ type cert_t;
|
|
|
}
|
|
|
|
|
|
allow portage_fetch_t self:process execmem;
|
|
@@ -45,10 +47,17 @@ allow portage_t etc_t:file { relabelfrom relabelto };
|
|
|
allow portage_t self:dir { add_name write };
|
|
|
allow portage_t self:file create;
|
|
|
allow portage_t proc_t:filesystem associate;
|
|
|
-
|
|
|
+allow portage_t cert_t:file map;
|
|
|
+allow portage_t portage_ebuild_t:file map;
|
|
|
|
|
|
|
|
|
kernel_read_crypto_sysctls(portage_sandbox_t)
|
|
|
auth_getattr_shadow(portage_sandbox_t)
|
|
|
allow portage_sandbox_t ldconfig_cache_t:file map;
|
|
|
dev_rw_zero(portage_sandbox_t)
|
|
|
+fs_getattr_cgroup(portage_sandbox_t)
|
|
|
+kernel_getattr_debugfs(portage_sandbox_t)
|
|
|
+dev_getattr_fs(portage_sandbox_t)
|
|
|
+fs_getattr_pstorefs(portage_sandbox_t)
|
|
|
+fs_getattr_tracefs(portage_sandbox_t)
|
|
|
+allow portage_sandbox_t zero_device_t:chr_file map;
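Review bot: The five filesystem `getattr` grants added for `portage_sandbox_t` (`fs_getattr_cgroup`, `kernel_getattr_debugfs`, `dev_getattr_fs`, `fs_getattr_pstorefs`, `fs_getattr_tracefs`) widen what the build sandbox may query, and nothing in the hunk records which denial prompted them. If they come from a tool enumerating mounts during a build rather than from something the build needs, a `dontaudit` rule would silence the AVC messages without granting the sandbox anything. The three raw `map` rules (on `cert_t`, `portage_ebuild_t` and `zero_device_t`) are also uncommented, and the two on types owned by other modules depend on the `require` entries added in the previous hunk. A one-line comment above each group would make the rules auditable later, for example `# <program> during <phase>: AVC denied { getattr } on debugfs/tracefs/pstore` with the placeholders filled from the actual audit log.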
|