setfscreate privilege is needed to be able to install java-config package
During the installation of, for instance, java-config, Portage wants to set its default file creation context to root:object_r:portage_tmp_t, which isn't allowed: creating /var/tmp/portage/dev-java/java-config-2.1.11-r3/temp/images/3.1/etc/revdep-rebuild copying src/revdep-rebuild/60-java -> /var/tmp/portage/dev-java/java-config-2.1.11-r3/temp/images/3.1/etc/revdep-rebuild/ running install_egg_info Writing /var/tmp/portage/dev-java/java-config-2.1.11-r3/temp/images/3.1/usr/lib64/python3.1/site-packages/java_config-2.1.11-py3.1.egg-info cp: failed to set default file creation context to `root:object_r:portage_tmp_t': Permission denied cp: failed to set default file creation context to `root:object_r:portage_tmp_t': Permission denied cp: failed to set default file creation context to `root:object_r:portage_tmp_t': Permission denied cp: failed to set default file creation context to `root:object_r:portage_tmp_t': Permission denied ... ERROR: dev-java/java-config-2.1.11-r3 failed: Merging of intermediate installation image for Python ABI '2.6 into installation image failed Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
parent
fd9ec1f728
commit
f13b563891
|
@ -77,8 +77,8 @@ interface(`portage_compile_domain',`
|
||||||
|
|
||||||
allow $1 self:capability { fowner fsetid mknod setgid setuid chown dac_override net_raw };
|
allow $1 self:capability { fowner fsetid mknod setgid setuid chown dac_override net_raw };
|
||||||
dontaudit $1 self:capability sys_chroot;
|
dontaudit $1 self:capability sys_chroot;
|
||||||
allow $1 self:process { setpgid setsched setrlimit signal_perms execmem };
|
allow $1 self:process { setpgid setsched setrlimit signal_perms execmem setfscreate };
|
||||||
allow $1 self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
|
allow $1 self:process ~{ ptrace setcurrent setexec setrlimit execmem execstack execheap };
|
||||||
allow $1 self:fd use;
|
allow $1 self:fd use;
|
||||||
allow $1 self:fifo_file rw_fifo_file_perms;
|
allow $1 self:fifo_file rw_fifo_file_perms;
|
||||||
allow $1 self:shm create_shm_perms;
|
allow $1 self:shm create_shm_perms;
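Review bot: setfscreate ends up granted twice to every domain that calls portage_compile_domain: once by the explicit `self:process { ... setfscreate }` rule and again because it was dropped from the exclusion list of the `~{ ... }` complement rule (assuming, as the commit title suggests, that the second line of each printed pair is the new side). One of the two is enough; keeping `setfscreate` in the complement rule's exclusion list and granting it only in the explicit rule keeps that list readable as the set of sensitive process permissions that need a stated reason. Because the permission lets the domain choose the label of files it creates (still bounded by the file create rules on the target type), a short justification above the rule would help later audits, e.g. `# setfscreate: cp sets the file creation context while merging the install image into portage_tmp_t`. The interface body starts and ends outside this hunk, so whether a narrower domain could carry the permission instead cannot be judged from here.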
|
||||||
|
|