Allow sysadm_t to call all portage related services
The system administrator (in sysadm_t) is the only "user" domain that is allowed to call portage-related services. So it also gains the privilege to execute portage tree management functions (and as such transition to portage_fetch_t). Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
This commit is contained in:
parent
a108d9db60
commit
c94b5e3d18
@ -253,6 +253,7 @@ optional_policy(`
|
||||
|
||||
optional_policy(`
|
||||
portage_run(sysadm_t, sysadm_r)
|
||||
portage_run_fetch(sysadm_t, sysadm_r)
|
||||
portage_run_gcc_config(sysadm_t, sysadm_r)
|
||||
')
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user