From ad3ed86a72303c8d00c8fd13906d0be4ecb0fd98 Mon Sep 17 00:00:00 2001
From: Chris PeBenito
Date: Tue, 6 Sep 2011 13:59:36 -0400
Subject: [PATCH] Rearrange lines in portage.te.
---
 policy/modules/admin/portage.te | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)
diff --git a/policy/modules/admin/portage.te b/policy/modules/admin/portage.te
index 216dcfb67..3de3245c8 100644
--- a/policy/modules/admin/portage.te
+++ b/policy/modules/admin/portage.te
@@ -233,12 +233,14 @@ allow portage_fetch_t self:fifo_file rw_fifo_file_perms;
 allow portage_fetch_t self:tcp_socket create_stream_socket_perms;
 allow portage_fetch_t self:unix_stream_socket create_socket_perms;
-allow portage_fetch_t portage_tmp_t:dir manage_dir_perms;
-allow portage_fetch_t portage_tmp_t:file manage_file_perms;
 allow portage_fetch_t portage_conf_t:dir list_dir_perms;
+
 allow portage_fetch_t portage_gpg_t:dir rw_dir_perms;
 allow portage_fetch_t portage_gpg_t:file manage_file_perms;
+allow portage_fetch_t portage_tmp_t:dir manage_dir_perms;
+allow portage_fetch_t portage_tmp_t:file manage_file_perms;
+
 read_files_pattern(portage_fetch_t, portage_conf_t, portage_conf_t)
 manage_dirs_pattern(portage_fetch_t, portage_ebuild_t, portage_ebuild_t)
@@ -257,20 +259,20 @@ corecmd_exec_shell(portage_fetch_t)
 corenet_all_recvfrom_unlabeled(portage_fetch_t)
 corenet_all_recvfrom_netlabel(portage_fetch_t)
+corenet_tcp_sendrecv_generic_if(portage_fetch_t)
+corenet_tcp_sendrecv_generic_node(portage_fetch_t)
+corenet_tcp_sendrecv_all_ports(portage_fetch_t)
+corenet_tcp_connect_http_cache_port(portage_fetch_t)
+corenet_tcp_connect_git_port(portage_fetch_t)
+corenet_tcp_connect_rsync_port(portage_fetch_t)
 corenet_sendrecv_http_client_packets(portage_fetch_t)
 corenet_sendrecv_http_cache_client_packets(portage_fetch_t)
 corenet_sendrecv_git_client_packets(portage_fetch_t)
 corenet_sendrecv_rsync_client_packets(portage_fetch_t)
-corenet_tcp_sendrecv_generic_if(portage_fetch_t)
-corenet_tcp_sendrecv_generic_node(portage_fetch_t)
-corenet_tcp_sendrecv_all_ports(portage_fetch_t)
 # would rather not connect to unspecified ports, but
 # it occasionally comes up
 corenet_tcp_connect_all_reserved_ports(portage_fetch_t)
 corenet_tcp_connect_generic_port(portage_fetch_t)
-corenet_tcp_connect_http_cache_port(portage_fetch_t)
-corenet_tcp_connect_git_port(portage_fetch_t)
-corenet_tcp_connect_rsync_port(portage_fetch_t)
 dev_dontaudit_read_rand(portage_fetch_t)
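Review bot: The comment above `corenet_tcp_connect_all_reserved_ports(portage_fetch_t)` and `corenet_tcp_connect_generic_port(portage_fetch_t)` still only says the need "occasionally comes up", so the two broadest connect grants for this fetch domain stay unconditional and unexplained. Moving the http_cache, git and rsync connect rules above the comment makes them read as the intended allow-list, but the broad rules below presumably still decide which ports the domain can actually reach. I would record the concrete trigger in the comment, for example `# some mirrors are served from non-standard ports (confirm which fetch methods need this)`, and consider wrapping the two rules in a `tunable_policy` block so hardened systems can switch them off. The portage_fetch_t rule set starts and ends outside this hunk.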