Portage fixes for installing SELinux-aware programs.

This commit is contained in:
Chris PeBenito 2010-02-17 20:23:41 -05:00
parent c06a4452e2
commit 05bd2f9837
1 changed files with 8 additions and 0 deletions

View File

@ -114,6 +114,8 @@ interface(`portage_compile_domain',`
manage_fifo_files_pattern($1, portage_tmp_t, portage_tmp_t)
manage_sock_files_pattern($1, portage_tmp_t, portage_tmp_t)
files_tmp_filetrans($1, portage_tmp_t, { dir file lnk_file sock_file fifo_file })
# SELinux-enabled programs running in the sandbox
allow $1 portage_tmp_t:file relabel_file_perms;
manage_files_pattern($1, portage_tmpfs_t, portage_tmpfs_t)
manage_lnk_files_pattern($1, portage_tmpfs_t, portage_tmpfs_t)
@ -152,6 +154,8 @@ interface(`portage_compile_domain',`
domain_use_interactive_fds($1)
domain_dontaudit_read_all_domains_state($1)
# SELinux-aware installs doing relabels in the sandbox
domain_obj_id_change_exemption($1)
files_exec_etc_files($1)
files_exec_usr_src_files($1)
@ -162,6 +166,7 @@ interface(`portage_compile_domain',`
fs_read_noxattr_fs_symlinks($1)
fs_search_auto_mountpoints($1)
selinux_validate_context($1)
# needed for merging dbus:
selinux_compute_access_vector($1)
@ -180,6 +185,9 @@ interface(`portage_compile_domain',`
userdom_use_user_terminals($1)
# SELinux-enabled programs running in the sandbox
seutil_libselinux_linked($1)
ifdef(`TODO',`
# some gui ebuilds want to interact with X server, like xawtv
optional_policy(`