[refpolicy] [PATCHv2 5/8] Introduce portage_fetch_t as an application domain

Christopher J. PeBenito cpebenito at tresys.com
Tue Sep 6 13:09:45 CDT 2011


On 09/03/11 10:21, Sven Vermeulen wrote:
> diff --git a/policy/modules/admin/portage.if b/policy/modules/admin/portage.if
> index 3dd9f65..9f7d652 100644
> --- a/policy/modules/admin/portage.if
> +++ b/policy/modules/admin/portage.if
> @@ -16,6 +16,7 @@
>  interface(`portage_domtrans',`
>  	gen_require(`
>  		type portage_t, portage_exec_t;
> +		type portage_fetch_t, portage_fetch_exec_t;
>  	')
>  
>  	files_search_usr($1)
> @@ -23,6 +24,7 @@ interface(`portage_domtrans',`
>  
>  	# transition to portage
>  	domtrans_pattern($1, portage_exec_t, portage_t)
> +	domtrans_pattern($1, portage_fetch_exec_t, portage_fetch_t)
>  ')

This needs to be moved into its own interface.  Otherwise there is no option to only run portage or only run fetch.

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com


More information about the refpolicy mailing list