commit: e9482a3144076e24b1f8c2fca0d12751011a35a3
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Sun Dec 11 15:02:34 2016 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sun Dec 11 15:02:34 2016 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=e9482a31
portage: allow to read vm overcommit
policy/modules/contrib/portage.te | 2 ++
1 file changed, 2 insertions(+)
diff --git a/policy/modules/contrib/portage.te
b/policy/modules/contrib/portage.te
index 52c6bf9..87ca0c6 100644
--- a/policy/modules/contrib/portage.te
+++ b/policy/modules/contrib/portage.te
@@ -444,6 +444,8 @@ gen_tunable(portage_enable_test, false)
allow portage_t portage_exec_t:file relabel_file_perms;
allow portage_t portage_fetch_exec_t:file relabel_file_perms;
+ kernel_read_vm_overcommit_sysctl(portage_t)
+
# Portage is selinuxaware, transitions on calling ebuild, now marked as
bin_t
corecmd_bin_entry_type(portage_t)
# Support self-update of Portage
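Review bot: The new `kernel_read_vm_overcommit_sysctl(portage_t)` line has no comment, and the commit message does not record which process or denial made the access necessary, so a later audit of portage_t cannot tell whether the rule is still needed. A one-line comment above it would fix that, for example `# <component> reads the vm overcommit sysctl (see <AVC denial / bug reference>)`, with the placeholders filled in from the actual denial. The grant itself is read-only and scoped to portage_t, which is appropriately narrow. If the read comes from a shared library rather than from Portage's own code, the other portage domains in this module may log the same denial; that cannot be judged from this hunk, since the portage_t rule block starts and ends outside it.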