From: "Kenton Groombridge" <concord@gentoo.org> To: gentoo-commits@lists.gentoo.org Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/admin/ Date: Sat, 3 Sep 2022 20:04:50 +0000 (UTC) [thread overview] Message-ID: <1662235463.7d41f1b7b4f4d675b62835be6d2416eb2368a1a1.concord@gentoo> (raw) commit: 7d41f1b7b4f4d675b62835be6d2416eb2368a1a1 Author: Kenton Groombridge <concord <AT> gentoo <DOT> org> AuthorDate: Tue Apr 19 22:53:44 2022 +0000 Commit: Kenton Groombridge <concord <AT> gentoo <DOT> org> CommitDate: Sat Sep 3 20:04:23 2022 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=7d41f1b7 portage: allow portage to map ebuild files When portage syncs a repo with git, git will mmap() ebuild files. Allow portage to map ebuild files to fix permission denied errors on syncing. Bug: https://bugs.gentoo.org/833017 Signed-off-by: Kenton Groombridge <concord <AT> gentoo.org> policy/modules/admin/portage.te | 2 ++ 1 file changed, 2 insertions(+) diff --git a/policy/modules/admin/portage.te b/policy/modules/admin/portage.te index 86966705..e3a19574 100644 --- a/policy/modules/admin/portage.te +++ b/policy/modules/admin/portage.te @@ -200,6 +200,8 @@ domain_dontaudit_read_all_domains_state(portage_t) files_manage_all_files(portage_t) # eselect uses file, which mmap()s its db files_map_usr_files(portage_t) +# portage executing git mmap()s ebuild files when syncing +allow portage_t portage_ebuild_t:file map; selinux_get_fs_mount(portage_t)
WARNING: multiple messages have this Message-ID (diff)
From: "Kenton Groombridge" <concord@gentoo.org> To: gentoo-commits@lists.gentoo.org Subject: [gentoo-commits] proj/hardened-refpolicy:concord-dev commit in: policy/modules/admin/ Date: Wed, 12 Oct 2022 13:34:59 +0000 (UTC) [thread overview] Message-ID: <1662235463.7d41f1b7b4f4d675b62835be6d2416eb2368a1a1.concord@gentoo> (raw) Message-ID: <20221012133459.1zzzAGMrUCFg8ZFutiAT2I1AJ8_Gq6nGuenpDy5qLDo@z> (raw) commit: 7d41f1b7b4f4d675b62835be6d2416eb2368a1a1 Author: Kenton Groombridge <concord <AT> gentoo <DOT> org> AuthorDate: Tue Apr 19 22:53:44 2022 +0000 Commit: Kenton Groombridge <concord <AT> gentoo <DOT> org> CommitDate: Sat Sep 3 20:04:23 2022 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=7d41f1b7 portage: allow portage to map ebuild files When portage syncs a repo with git, git will mmap() ebuild files. Allow portage to map ebuild files to fix permission denied errors on syncing. Bug: https://bugs.gentoo.org/833017 Signed-off-by: Kenton Groombridge <concord <AT> gentoo.org> policy/modules/admin/portage.te | 2 ++ 1 file changed, 2 insertions(+) diff --git a/policy/modules/admin/portage.te b/policy/modules/admin/portage.te index 86966705..e3a19574 100644 --- a/policy/modules/admin/portage.te +++ b/policy/modules/admin/portage.te @@ -200,6 +200,8 @@ domain_dontaudit_read_all_domains_state(portage_t) files_manage_all_files(portage_t) # eselect uses file, which mmap()s its db files_map_usr_files(portage_t) +# portage executing git mmap()s ebuild files when syncing +allow portage_t portage_ebuild_t:file map; selinux_get_fs_mount(portage_t)
next reply other threads:[~2022-09-03 20:04 UTC|newest] Thread overview: 110+ messages / expand[flat|nested] mbox.gz Atom feed top 2022-09-03 20:04 Kenton Groombridge [this message] 2022-10-12 13:34 ` [gentoo-commits] proj/hardened-refpolicy:concord-dev commit in: policy/modules/admin/ Kenton Groombridge -- strict thread matches above, loose matches on Subject: below -- 2024-10-21 15:19 [gentoo-commits] proj/hardened-refpolicy:master " Kenton Groombridge 2024-05-14 19:42 Kenton Groombridge 2023-02-13 15:35 Kenton Groombridge 2023-02-13 15:35 Kenton Groombridge 2023-02-13 15:35 Kenton Groombridge 2023-02-13 15:35 Kenton Groombridge 2023-02-13 15:35 Kenton Groombridge 2022-12-13 20:55 Kenton Groombridge 2022-11-02 14:42 Kenton Groombridge 2022-11-02 14:42 Kenton Groombridge 2022-11-02 14:42 Kenton Groombridge 2022-09-03 19:54 Jason Zaman 2022-03-31 3:31 Jason Zaman 2022-02-27 2:52 Jason Zaman 2022-02-27 2:52 Jason Zaman 2022-01-31 19:31 Jason Zaman 2022-01-31 19:31 Jason Zaman 2021-11-21 23:20 Jason Zaman 2021-11-21 19:33 Jason Zaman 2021-11-21 19:33 Jason Zaman 2021-11-21 3:00 Jason Zaman 2021-11-21 3:00 Jason Zaman 2021-11-21 3:00 Jason Zaman 2021-11-12 2:00 Jason Zaman 2021-11-11 21:27 Jason Zaman 2021-11-11 21:27 Jason Zaman 2021-09-05 16:00 Jason Zaman 2021-02-07 3:20 Jason Zaman 2021-02-01 2:10 Jason Zaman 2020-11-29 9:14 Jason Zaman 2020-11-28 23:09 Jason Zaman 2020-02-15 7:33 Jason Zaman 2019-12-16 17:48 Jason Zaman 2019-12-16 17:48 Jason Zaman 2019-07-13 7:01 Jason Zaman 2019-07-13 7:01 Jason Zaman 2019-07-13 7:01 Jason Zaman 2019-07-13 7:01 Jason Zaman 2019-07-13 7:01 Jason Zaman 2019-07-13 7:01 Jason Zaman 2019-07-13 7:01 Jason Zaman 2019-07-13 7:01 Jason Zaman 2019-07-13 7:01 Jason Zaman 2019-03-26 10:17 Jason Zaman 2019-03-26 10:17 Jason Zaman 2019-03-26 10:17 Jason Zaman 2019-03-26 10:17 Jason Zaman 2018-12-09 11:48 Jason Zaman 2018-11-11 23:29 Jason Zaman 2018-11-11 23:29 Jason Zaman 2018-11-11 23:29 Jason Zaman 2018-07-12 14:37 Jason Zaman 2017-10-29 20:42 Jason Zaman 2017-06-13 8:25 Jason Zaman 2017-02-17 8:44 Jason Zaman 2017-02-05 9:53 Jason Zaman 2017-01-01 16:36 Jason Zaman 2016-05-13 5:37 Jason Zaman 2015-07-15 13:47 Sven Vermeulen 2015-06-09 10:45 [gentoo-commits] proj/hardened-refpolicy:next " Sven Vermeulen 2015-06-09 10:52 ` [gentoo-commits] proj/hardened-refpolicy:master " Sven Vermeulen 2015-06-07 9:31 [gentoo-commits] proj/hardened-refpolicy:next " Sven Vermeulen 2015-06-09 10:52 ` [gentoo-commits] proj/hardened-refpolicy:master " Sven Vermeulen 2015-05-16 11:31 Sven Vermeulen 2015-01-25 14:04 Sven Vermeulen 2014-11-28 10:04 [gentoo-commits] proj/hardened-refpolicy:next " Sven Vermeulen 2014-11-22 17:43 ` [gentoo-commits] proj/hardened-refpolicy:master " Sven Vermeulen 2014-11-27 22:23 Sven Vermeulen 2014-10-12 8:59 [gentoo-commits] proj/hardened-refpolicy:next " Sven Vermeulen 2014-10-12 9:13 ` [gentoo-commits] proj/hardened-refpolicy:master " Sven Vermeulen 2014-10-12 8:44 [gentoo-commits] proj/hardened-refpolicy:next " Sven Vermeulen 2014-10-12 9:13 ` [gentoo-commits] proj/hardened-refpolicy:master " Sven Vermeulen 2014-10-12 8:27 Sven Vermeulen 2014-10-12 8:27 Sven Vermeulen 2014-10-12 8:27 Sven Vermeulen 2014-08-31 18:14 Sven Vermeulen 2014-08-19 20:07 Sven Vermeulen 2014-08-19 20:07 Sven Vermeulen 2014-04-08 16:02 Sven Vermeulen 2014-03-25 19:47 Sven Vermeulen 2014-03-04 15:30 Sven Vermeulen 2014-03-04 15:30 Sven Vermeulen 2014-03-04 15:30 Sven Vermeulen 2014-02-15 9:45 Sven Vermeulen 2014-02-02 12:18 Sven Vermeulen 2013-12-06 17:33 Sven Vermeulen 2013-12-06 17:33 Sven Vermeulen 2013-09-27 13:27 Sven Vermeulen 2013-09-27 13:27 Sven Vermeulen 2013-09-24 17:10 Sven Vermeulen 2013-09-18 14:08 Sven Vermeulen 2013-08-17 18:12 Sven Vermeulen 2013-08-15 12:18 Sven Vermeulen 2013-08-15 12:10 Sven Vermeulen 2013-08-15 12:07 Sven Vermeulen 2013-08-15 11:44 Sven Vermeulen 2013-08-15 11:44 Sven Vermeulen 2013-08-15 11:44 Sven Vermeulen 2013-08-15 11:44 Sven Vermeulen 2013-04-11 7:19 Sven Vermeulen 2013-04-11 7:19 Sven Vermeulen 2013-03-29 12:04 Sven Vermeulen 2013-01-27 13:15 Sven Vermeulen 2013-01-03 16:49 Sven Vermeulen 2012-12-17 9:33 Sven Vermeulen 2012-12-04 20:44 Sven Vermeulen 2012-11-27 19:14 Sven Vermeulen 2012-11-17 20:18 Sven Vermeulen 2012-10-30 20:24 Sven Vermeulen 2012-10-30 20:24 Sven Vermeulen 2012-10-10 19:52 Sven Vermeulen 2012-05-28 8:41 Sven Vermeulen 2012-04-22 12:41 Sven Vermeulen
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=1662235463.7d41f1b7b4f4d675b62835be6d2416eb2368a1a1.concord@gentoo \ --to=concord@gentoo.org \ --cc=gentoo-commits@lists.gentoo.org \ --cc=gentoo-dev@lists.gentoo.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox