From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id A41D913877A for ; Mon, 11 Aug 2014 21:25:42 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 94738E1015; Mon, 11 Aug 2014 20:25:30 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 50443E1053 for ; Mon, 11 Aug 2014 20:21:37 +0000 (UTC) Received: from spoonbill.gentoo.org (spoonbill.gentoo.org [81.93.255.5]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id F1F3A34021D for ; Sun, 10 Aug 2014 16:59:09 +0000 (UTC) Received: from localhost.localdomain (localhost [127.0.0.1]) by spoonbill.gentoo.org (Postfix) with ESMTP id AD34D18815 for ; Sun, 10 Aug 2014 16:59:08 +0000 (UTC) From: "Sven Vermeulen" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Sven Vermeulen" Message-ID: <1407689939.5e606ee00a9f96391f63fad8c2b127b41f1d8713.swift@gentoo> Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/ X-VCS-Repository: proj/hardened-refpolicy X-VCS-Files: policy/modules/contrib/portage.te X-VCS-Directories: policy/modules/contrib/ X-VCS-Committer: swift X-VCS-Committer-Name: Sven Vermeulen X-VCS-Revision: 5e606ee00a9f96391f63fad8c2b127b41f1d8713 X-VCS-Branch: master Date: Sun, 10 Aug 2014 16:59:08 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: 91f4f1c9-0fc1-4389-a1f1-e75fbc6a928a X-Archives-Hash: c92e248dbc90de4b0d83b6ba38c7c7a9 commit: 5e606ee00a9f96391f63fad8c2b127b41f1d8713 Author: Sven Vermeulen siphos be> AuthorDate: Sun Aug 10 16:58:59 2014 +0000 Commit: Sven Vermeulen gentoo org> CommitDate: Sun Aug 10 16:58:59 2014 +0000 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=5e606ee0 Layman needs manage rights on portage cache (write to /var/cache/edb) as well as ebuild symlinks --- policy/modules/contrib/portage.te | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/policy/modules/contrib/portage.te b/policy/modules/contrib/portage.te index 14a7b04..83d6ab4 100644 --- a/policy/modules/contrib/portage.te +++ b/policy/modules/contrib/portage.te @@ -390,8 +390,10 @@ gen_tunable(portage_mount_fs, false) # Portage fetch local policy # + manage_files_pattern(portage_fetch_t, portage_cache_t, portage_cache_t) + manage_dirs_pattern(portage_fetch_t, portage_cache_t, portage_cache_t) read_lnk_files_pattern(portage_fetch_t, portage_conf_t, portage_conf_t) - read_lnk_files_pattern(portage_fetch_t, portage_ebuild_t, portage_ebuild_t) + manage_lnk_files_pattern(portage_fetch_t, portage_ebuild_t, portage_ebuild_t) dev_rw_autofs(portage_fetch_t)