|
@@ -1,4 +1,4 @@
|
|
|
-policy_module(portage_additional, 0.0.7)
|
|
|
+policy_module(portage_additional, 0.0.8)
|
|
|
|
|
|
require {
|
|
|
type portage_fetch_t;
|
|
@@ -14,9 +14,15 @@ require {
|
|
|
type zero_device_t;
|
|
|
type cert_t;
|
|
|
type porticron_t;
|
|
|
+ type portage_tmp_t;
|
|
|
+ type dri_device_t;
|
|
|
}
|
|
|
|
|
|
-allow portage_fetch_t self:process execmem;
|
|
|
+allow portage_t dri_device_t:chr_file getattr;
|
|
|
+allow portage_t portage_fetch_t:unix_stream_socket connectto;
|
|
|
+
|
|
|
+allow portage_sandbox_t dri_device_t:chr_file getattr;
|
|
|
+
|
|
|
|
|
|
corenet_tcp_bind_generic_node(portage_fetch_t)
|
|
|
files_list_boot(portage_fetch_t)
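Review bot: The added `allow portage_t portage_fetch_t:unix_stream_socket connectto;` opens an IPC channel between the main portage domain and the fetch domain, which the context lines show binding TCP sockets, and nothing in the hunk records why it is needed. Put a comment above it naming the denial it resolves, for example `# portage_t talks to the fetch helper over its stream socket (AVC during <operation>)`. If that socket is bound to a filesystem path rather than an abstract name, connectto alone will not be enough, and `stream_connect_pattern` would keep the directory search, sock_file write and connectto together in one place. The two `dri_device_t:chr_file getattr` rules deserve the same one-line justification. The require block starts before this hunk and `portage_t` / `portage_sandbox_t` are not declared in the visible part, so confirm they are listed there.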
|
|
@@ -35,6 +41,8 @@ manage_files_pattern(portage_fetch_t, var_lib_t, var_lib_t)
|
|
|
allow portage_fetch_t portage_conf_t:file write;
|
|
|
allow portage_fetch_t etc_t:file link;
|
|
|
allow portage_fetch_t portage_ebuild_t:file map;
|
|
|
+allow portage_fetch_t self:process execmem;
|
|
|
+allow portage_fetch_t portage_tmp_t:dir watch;
|
|
|
|
|
|
corenet_udp_bind_generic_node(portage_t)
|
|
|
corenet_tcp_bind_generic_node(portage_t)
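Review bot: `allow portage_fetch_t self:process execmem;` is only moved here from its earlier position, so the domain that handles downloaded data keeps the right to create executable anonymous mappings with no stated reason. Either document the need next to the rule, `# execmem: required by <binary> (<reason>)`, or place the rule in a `tunable_policy` block behind a boolean so hardened systems can switch it off. The new `allow portage_fetch_t portage_tmp_t:dir watch;` is narrow, but a short comment naming what sets the inotify watch would help a later audit decide whether it is still needed.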
|