commit: fa80a229d122a166c8185af0ff5c1feaeee08655
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Tue Jul 29 14:14:10 2014 +0000
Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org>
CommitDate: Thu Jul 31 15:24:47 2014 +0000
URL:
http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=fa80a229
silence portage sandbox a little
---
policy/modules/contrib/portage.te | 3 +++
1 file changed, 3 insertions(+)
diff --git a/policy/modules/contrib/portage.te
b/policy/modules/contrib/portage.te
index 579447c..14a7b04 100644
--- a/policy/modules/contrib/portage.te
+++ b/policy/modules/contrib/portage.te
@@ -469,6 +469,9 @@ gen_tunable(portage_mount_fs, false)
filetrans_pattern(portage_sandbox_t, portage_ebuild_t,
portage_srcrepo_t, dir, "git3-src") # git-r3.eclass
filetrans_pattern(portage_sandbox_t, portage_ebuild_t,
portage_srcrepo_t, dir, "svn-src")
+ # install-xattr does listxattr() which throws a lot of this
+ dontaudit portage_sandbox_t self:capability sys_admin;
+
##########################################
#
# Portage eselect module domain
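Review bot: The added `dontaudit portage_sandbox_t self:capability sys_admin;` hides every sys_admin denial for the sandbox domain, not only the ones install-xattr triggers, so any other code running in portage_sandbox_t that probes this capability will also leave no AVC record. The comment "throws a lot of this" names neither the denial nor that trade-off. I would replace it with something like `# install-xattr calls listxattr(), which triggers a CAP_SYS_ADMIN check (presumably for trusted.* attributes); access stays denied, only the AVC is hidden. Rebuild with semodule -DB to see these denials again.` Quoting one of the silenced AVC lines in the commit message would also let a reviewer confirm that the rule is no broader than the noise it targets. The added lines are indented, so they appear to sit inside a block that opens outside this hunk, and I cannot tell from here which condition guards the rule.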