From: "Jason Zaman"
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Jason Zaman"
Message-ID: <1505417683.c33f11a936d20aa6ab8975386525a267656f8e1b.perfinion@gentoo>
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/
X-VCS-Repository: proj/hardened-refpolicy
X-VCS-Files: policy/modules/contrib/portage.if policy/modules/contrib/portage.te
X-VCS-Directories: policy/modules/contrib/
X-VCS-Committer: perfinion
X-VCS-Committer-Name: Jason Zaman
X-VCS-Revision: c33f11a936d20aa6ab8975386525a267656f8e1b
X-VCS-Branch: master
Date: Fri, 15 Sep 2017 03:42:42 +0000 (UTC)
Precedence: bulk
List-Id: Gentoo Linux mail
X-BeenThere: gentoo-commits@lists.gentoo.org

commit:     c33f11a936d20aa6ab8975386525a267656f8e1b
Author:     Luis Ressel aixah de>
AuthorDate: Mon Sep 11 03:18:29 2017 +0000
Commit:     Jason Zaman gentoo org>
CommitDate: Thu Sep 14 19:34:43 2017 +0000
URL:        https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=c33f11a9

portage: Allow portage_t and portage_sandbox_t to access locale_t

This didn't crop out until now due to portage's wide-ranging access, but it's necessary now for the map permission.

I'm aware adding the interface directly for portage_t is redundant, but I'm doing it nevertheless in case we ever remove portage_compile_domain(portage_t).

 policy/modules/contrib/portage.if | 2 ++
 policy/modules/contrib/portage.te | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/policy/modules/contrib/portage.if b/policy/modules/contrib/portage.if index 70f657ab..9f7be361 100644 --- a/policy/modules/contrib/portage.if +++ b/policy/modules/contrib/portage.if
@@ -186,6 +186,8 @@ interface(`portage_compile_domain',` logging_send_syslog_msg($1) + miscfiles_read_localization($1) + userdom_use_user_terminals($1) # SELinux-enabled programs running in the sandbox diff --git a/policy/modules/contrib/portage.te b/policy/modules/contrib/portage.te index 2387c941..b0175d83 100644 --- a/policy/modules/contrib/portage.te +++ b/policy/modules/contrib/portage.te @@ -203,6 +203,8 @@ auth_manage_shadow(portage_t) # merging baselayout will need this: init_exec(portage_t) +miscfiles_read_localization(portage_t) + # run setfiles -r seutil_run_setfiles(portage_t, portage_roles) # run semodule
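
Review bot: In the portage.if hunk (@@ -186,6 +186,8 @@), miscfiles_read_localization($1) is added inside interface(`portage_compile_domain', so every domain passed to that interface gains the localization access, not only the portage_t and portage_sandbox_t named in the subject line. If that widening is intended, say so in the commit message; if not, grant the access to the two domains directly in portage.te instead of through the shared interface.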
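
Review bot: In the portage.te hunk (@@ -203,6 +203,8 @@), the added miscfiles_read_localization(portage_t) carries no comment, while the neighbouring rules do ("# merging baselayout will need this:", "# run setfiles -r"). The commit message says the line is deliberately redundant with portage_compile_domain(portage_t) and is needed for the map permission; put that reasoning in a comment above the line so a later cleanup does not remove it as a duplicate.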