Allow sysadm_t to call all portage related services

The system administrator (in sysadm_t) is the only "user" domain that is
allowed to call portage-related services. So it also gains the privilege
to execute portage tree management functions (and as such transition to
portage_fetch_t).

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
This commit is contained in:
Sven Vermeulen 2011-09-13 20:21:43 +02:00 committed by Chris PeBenito
parent a108d9db60
commit c94b5e3d18

View File

@ -253,6 +253,7 @@ optional_policy(`
optional_policy(`
portage_run(sysadm_t, sysadm_r)
portage_run_fetch(sysadm_t, sysadm_r)
portage_run_gcc_config(sysadm_t, sysadm_r)
')