author | Jason Zaman <jason@perfinion.com> | 2018-06-08 19:09:13 +0800 |
---|---|---|
committer | Jason Zaman <jason@perfinion.com> | 2018-06-08 19:19:06 +0800 |
commit | 15024f09418e364b25ab3ba1b3c202d41b6bacd3 (patch) | |
tree | 26f0ea77b8a88576083515691114bedce34e5078 /policy | |
parent | gpg: Introduce gpg_exec_agent() (diff) | |
portage: allow gpg for tree signature verification (2.20180114-r3)
Diffstat (limited to 'policy')
-rw-r--r-- | policy/modules/contrib/portage.te | 17 |
1 files changed, 15 insertions, 2 deletions
diff --git a/policy/modules/contrib/portage.te b/policy/modules/contrib/portage.te
index e0aea54c..47d7fcc6 100644
--- a/policy/modules/contrib/portage.te
+++ b/policy/modules/contrib/portage.te
@@ -228,6 +228,10 @@ optional_policy(`
 ')
 optional_policy(`
+ gpg_spec_domtrans(portage_t, portage_fetch_t)
+')
+
+optional_policy(`
 modutils_run(portage_t, portage_roles)
 #dontaudit update_modules_t portage_tmp_t:dir search_dir_perms;
 ')
@@ -253,7 +257,7 @@ allow portage_fetch_t self:process signal;
 allow portage_fetch_t self:capability { chown dac_read_search dac_override fowner fsetid };
 allow portage_fetch_t self:fifo_file rw_fifo_file_perms;
 allow portage_fetch_t self:tcp_socket { accept listen };
-allow portage_fetch_t self:unix_stream_socket create_socket_perms;
+allow portage_fetch_t self:unix_stream_socket { connectto create_stream_socket_perms };
 allow portage_fetch_t portage_conf_t:dir list_dir_perms;
@@ -264,6 +268,7 @@ allow portage_fetch_t portage_gpg_t:file manage_file_perms;
 allow portage_fetch_t portage_tmp_t:dir manage_dir_perms;
 allow portage_fetch_t portage_tmp_t:file manage_file_perms;
+allow portage_fetch_t portage_tmp_t:sock_file manage_sock_file_perms;
 read_files_pattern(portage_fetch_t, portage_conf_t, portage_conf_t)
@@ -300,8 +305,10 @@ corenet_tcp_connect_all_reserved_ports(portage_fetch_t)
 corenet_tcp_connect_generic_port(portage_fetch_t)
 # bug 540056
 corenet_tcp_connect_all_unreserved_ports(portage_fetch_t)
+corenet_udp_bind_generic_node(portage_fetch_t)
+corenet_udp_bind_all_unreserved_ports(portage_fetch_t)
-dev_dontaudit_read_rand(portage_fetch_t)
+dev_read_rand(portage_fetch_t)
 domain_use_interactive_fds(portage_fetch_t)
@@ -344,7 +351,13 @@ tunable_policy(`portage_read_user_content',`
 ')
 optional_policy(`
+ gpg_entry_type(portage_fetch_t)
 gpg_exec(portage_fetch_t)
+ gpg_exec_agent(portage_fetch_t)
+')
+
+optional_policy(`
+ dirmngr_exec(portage_fetch_t)
 ')
 ########################################## |
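Review bot: `gpg_spec_domtrans(portage_t, portage_fetch_t)` in the -228 hunk, together with `gpg_entry_type(portage_fetch_t)` in the -344 hunk, places gpg in the existing fetch domain rather than in a domain of its own. The lines visible in the -253 and -300 hunks show that domain holding `dac_override`, `fowner` and outbound TCP to all ports, so the code that parses fetched signatures and keys would run with all of that; `gpg_exec_agent` and `dirmngr_exec` keep the agent and dirmngr in the same domain as well. If a dedicated verification domain is out of scope for this commit, the decision should at least be recorded above the call, e.g. `# gpg runs in portage_fetch_t for tree signature verification; no separate domain yet`. The interface definitions are not part of this diff, so the exact transition semantics should be confirmed against gpg.if.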
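Review bot: The rewritten `unix_stream_socket` rule in the -253 hunk grants more than `connectto`: assuming the stock refpolicy permission sets, moving from `create_socket_perms` to `create_stream_socket_perms` also adds `listen` and `accept`, so the fetch domain can now both serve and connect to its own stream sockets. Combined with the new `portage_tmp_t:sock_file manage_sock_file_perms` rule in the -264 hunk this looks intended for a gpg-agent socket created under a temporary GnuPG home, but nothing in the policy says so. A comment above both rules such as `# gpg-agent socket used during tree signature verification` would let a later reviewer judge whether the access is still required.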
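Review bot: `corenet_udp_bind_generic_node` and `corenet_udp_bind_all_unreserved_ports` in the -300 hunk are granted to portage_fetch_t unconditionally and without a comment, while the gpg and dirmngr calls they presumably serve sit inside `optional_policy` blocks in the -344 hunk. The commit title covers signature verification only, so the reason for the UDP binds (probably dirmngr or resolver traffic, to be confirmed) should be stated the way the neighbouring `# bug 540056` line does, e.g. `# dirmngr DNS lookups for key refresh`. The same hunk replaces `dev_dontaudit_read_rand` with `dev_read_rand`, turning a silenced denial into an actual grant; that is reasonable for gpg but belongs in the same comment.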