|
@@ -1,4 +1,4 @@
|
|
|
-policy_module(portage_additional, 0.0.2)
|
|
|
+policy_module(portage_additional, 0.0.3)
|
|
|
|
|
|
require {
|
|
|
type portage_fetch_t;
|
|
@@ -17,13 +17,17 @@ kernel_read_crypto_sysctls(portage_fetch_t)
|
|
|
dev_read_urand(portage_fetch_t)
|
|
|
files_manage_var_files(portage_fetch_t)
|
|
|
files_manage_var_dirs(portage_fetch_t)
|
|
|
+files_search_src(portage_fetch_t)
|
|
|
+files_getattr_usr_src_files(portage_fetch_t)
|
|
|
+
|
|
|
allow portage_fetch_t etc_t:file link;
|
|
|
|
|
|
corenet_udp_bind_generic_node(portage_t)
|
|
|
+files_manage_etc_files(portage_t)
|
|
|
allow portage_t self:process ptrace;
|
|
|
allow portage_t unlabeled_t:file { execute execute_no_trans map relabelfrom relabelto };
|
|
|
allow portage_t usr_t:file { execute execute_no_trans };
|
|
|
|
|
|
|
|
|
allow portage_sandbox_t ldconfig_cache_t:file map;
|
|
|
-
|
|
|
+dev_rw_zero(portage_sandbox_t)
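Review bot: The new `files_manage_etc_files(portage_t)` line (just after the `corenet_udp_bind_generic_node(portage_t)` context line) grants create, write, unlink and rename on every etc_t file, which is far broader than the other additions in this hunk (search/getattr on src for portage_fetch_t, /dev/zero for portage_sandbox_t). If the AVC denial that motivated it was a specific path or operation, a narrower interface such as `files_rw_etc_files(portage_t)` or a file-transition rule for the files portage installs would keep the module closer to least privilege; if the broad grant is really required for merging packages into /etc, record that so the next reviewer can tell. A one-line comment above it, e.g. `# full manage on etc_t: <TODO: denial or path that required it>`, would suffice. The version bump to 0.0.3 in the first hunk carries no note of this new permission either.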
|