[refpolicy] [PATCH 8/8] Allow cron to execute portage commands

Sven Vermeulen sven.vermeulen at siphos.be
Sat Sep 3 09:23:28 CDT 2011


Many users use portage from within cron (for instance to update the
portage tree or even automatically update their system). As such, we
allow to run portage from the (system) cronjob domains.

Signed-off-by: Sven Vermeulen <sven.vermeulen at siphos.be>
---
 policy/modules/admin/portage.te |    5 +++++
 1 files changed, 5 insertions(+), 0 deletions(-)

diff --git a/policy/modules/admin/portage.te b/policy/modules/admin/portage.te
index 429ffb0..32fbd7d 100644
--- a/policy/modules/admin/portage.te
+++ b/policy/modules/admin/portage.te
@@ -198,6 +198,11 @@ optional_policy(`
 ')
 
 optional_policy(`
+	cron_system_entry(portage_t, portage_exec_t)
+	cron_system_entry(portage_fetch_t, portage_fetch_exec_t)
+')
+
+optional_policy(`
 	modutils_domtrans_depmod(portage_t)
 	modutils_domtrans_update_mods(portage_t)
 	#dontaudit update_modules_t portage_tmp_t:dir search_dir_perms;
-- 
1.7.3.4



More information about the refpolicy mailing list