From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: <gentoo-commits+bounces-716753-garchives=archives.gentoo.org@lists.gentoo.org> Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id E736E13877A for <garchives@archives.gentoo.org>; Thu, 31 Jul 2014 15:26:35 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 53C57E08A8; Thu, 31 Jul 2014 15:26:32 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id DC193E08A8 for <gentoo-commits@lists.gentoo.org>; Thu, 31 Jul 2014 15:26:31 +0000 (UTC) Received: from spoonbill.gentoo.org (spoonbill.gentoo.org [81.93.255.5]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id AC428340115 for <gentoo-commits@lists.gentoo.org>; Thu, 31 Jul 2014 15:26:30 +0000 (UTC) Received: from localhost.localdomain (localhost [127.0.0.1]) by spoonbill.gentoo.org (Postfix) with ESMTP id ED1C018817 for <gentoo-commits@lists.gentoo.org>; Thu, 31 Jul 2014 15:26:28 +0000 (UTC) From: "Sven Vermeulen" <swift@gentoo.org> To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Sven Vermeulen" <swift@gentoo.org> Message-ID: <1406820287.fa80a229d122a166c8185af0ff5c1feaeee08655.swift@gentoo> Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/ X-VCS-Repository: proj/hardened-refpolicy X-VCS-Files: policy/modules/contrib/portage.te X-VCS-Directories: policy/modules/contrib/ X-VCS-Committer: swift X-VCS-Committer-Name: Sven Vermeulen X-VCS-Revision: fa80a229d122a166c8185af0ff5c1feaeee08655 X-VCS-Branch: master Date: Thu, 31 Jul 2014 15:26:28 +0000 (UTC) Precedence: bulk List-Post: <mailto:gentoo-commits@lists.gentoo.org> List-Help: <mailto:gentoo-commits+help@lists.gentoo.org> List-Unsubscribe: <mailto:gentoo-commits+unsubscribe@lists.gentoo.org> List-Subscribe: <mailto:gentoo-commits+subscribe@lists.gentoo.org> List-Id: Gentoo Linux mail <gentoo-commits.gentoo.org> X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: a1f5fa76-3277-45a0-adc0-416338b45442 X-Archives-Hash: fecfb8a16bdba11e82a08d4a36a73dc6 commit: fa80a229d122a166c8185af0ff5c1feaeee08655 Author: Jason Zaman <jason <AT> perfinion <DOT> com> AuthorDate: Tue Jul 29 14:14:10 2014 +0000 Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org> CommitDate: Thu Jul 31 15:24:47 2014 +0000 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=fa80a229 silence portage sandbox a little --- policy/modules/contrib/portage.te | 3 +++ 1 file changed, 3 insertions(+) diff --git a/policy/modules/contrib/portage.te b/policy/modules/contrib/portage.te index 579447c..14a7b04 100644 --- a/policy/modules/contrib/portage.te +++ b/policy/modules/contrib/portage.te @@ -469,6 +469,9 @@ gen_tunable(portage_mount_fs, false) filetrans_pattern(portage_sandbox_t, portage_ebuild_t, portage_srcrepo_t, dir, "git3-src") # git-r3.eclass filetrans_pattern(portage_sandbox_t, portage_ebuild_t, portage_srcrepo_t, dir, "svn-src") + # install-xattr does listxattr() which throws a lot of this + dontaudit portage_sandbox_t self:capability sys_admin; + ########################################## # # Portage eselect module domain