[refpolicy] [PATCHv2 2/4] Allow puppet to call portage

Sven Vermeulen sven.vermeulen at siphos.be
Tue Sep 13 13:21:08 CDT 2011


Puppet is a configuration management and system management tool. Part of
its job is to manage the package deployments on systems. As such, it
needs the privilege to call and transition to the various portage
domains.

Signed-off-by: Sven Vermeulen <sven.vermeulen at siphos.be>
---
 puppet.te |    6 ++++++
 1 files changed, 6 insertions(+), 0 deletions(-)

diff --git a/puppet.te b/puppet.te
index 941f6e1..022fde7 100644
--- a/puppet.te
+++ b/puppet.te
@@ -146,6 +146,12 @@ optional_policy(`
 ')
 
 optional_policy(`
+	portage_domtrans(puppet_t)
+	portage_domtrans_fetch(puppet_t)
+	portage_domtrans_gcc_config(puppet_t)
+')
+
+optional_policy(`
 	files_rw_var_files(puppet_t)
 
 	rpm_domtrans(puppet_t)
-- 
1.7.3.4



More information about the refpolicy mailing list