* [refpolicy] [PATCH 1/1] Portage_fetch_t need use of portage_devpts_
@ 2010-03-03 15:37 LABBE Corentin
  2010-03-03 17:29 ` Dominick Grift
  0 siblings, 1 reply; 2+ messages in thread
From: LABBE Corentin @ 2010-03-03 15:37 UTC (permalink / raw)
  To: refpolicy


Signed-off-by: LABBE Corentin <corentin.labbe@geomatys.fr>
---
 policy/modules/admin/portage.if |   19 +++++++++++++++++++
 policy/modules/admin/portage.te |    2 ++
 2 files changed, 21 insertions(+), 0 deletions(-)

diff --git a/policy/modules/admin/portage.if b/policy/modules/admin/portage.if
index 35161b2..a1b6a4b 100644
--- a/policy/modules/admin/portage.if
+++ b/policy/modules/admin/portage.if
@@ -281,3 +281,22 @@ interface(`portage_dontaudit_rw_tmp_files',`
 
 	dontaudit $1 portage_tmp_t:file rw_file_perms;
 ')
+
+########################################
+## <summary>
+##      Write the pty of portage.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+interface(`portage_use_pty',`
+        gen_require(`
+                type portage_devpts_t;
+        ')
+
+        term_search_ptys($1)
+        allow $1 portage_devpts_t:chr_file write_chr_file_perms;
+')
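Review bot: the interface name, its summary and its rule disagree. It is called portage_use_pty, the summary says "Write the pty of portage", and the allow rule grants only write_chr_file_perms on portage_devpts_t. Pick one meaning: if write-only is all the caller needs, rename it to match the grant (a plural portage_write_ptys-style name, as the follow-up reply suggests), which keeps the narrower permission set. If the caller really needs to read the pty too, keep the "use" name, switch to rw_chr_file_perms and update the summary. Separately, the added lines are indented with spaces, while the context line above (dontaudit $1 portage_tmp_t:file rw_file_perms;) is indented with a tab.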
diff --git a/policy/modules/admin/portage.te b/policy/modules/admin/portage.te
index ba1a256..fd863a7 100644
--- a/policy/modules/admin/portage.te
+++ b/policy/modules/admin/portage.te
@@ -211,6 +211,8 @@ allow portage_fetch_t self:tcp_socket create_stream_socket_perms;
 allow portage_fetch_t portage_conf_t:dir list_dir_perms;
 read_files_pattern(portage_fetch_t, portage_conf_t, portage_conf_t)
 
+portage_use_pty(portage_fetch_t)
+
 manage_dirs_pattern(portage_fetch_t, portage_ebuild_t, portage_ebuild_t)
 manage_files_pattern(portage_fetch_t, portage_ebuild_t, portage_ebuild_t)
 
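Review bot: the added portage_use_pty(portage_fetch_t) call has no recorded justification. The commit message is empty apart from the Signed-off-by, so the patch does not say which operation or denial makes portage_fetch_t need access to portage_devpts_t. Please put the triggering AVC denial, or the command that produces it, in the changelog so the grant can be checked against what the fetch domain actually does. The call is also dropped between the portage_conf_t rules and the portage_ebuild_t patterns. If the file groups terminal-related rules elsewhere in the portage_fetch_t block, it would read better there.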
-- 
1.6.4.4


* [refpolicy] [PATCH 1/1] Portage_fetch_t need use of portage_devpts_
  2010-03-03 15:37 [refpolicy] [PATCH 1/1] Portage_fetch_t need use of portage_devpts_ LABBE Corentin
@ 2010-03-03 17:29 ` Dominick Grift
  0 siblings, 0 replies; 2+ messages in thread
From: Dominick Grift @ 2010-03-03 17:29 UTC (permalink / raw)
  To: refpolicy

On Wed, Mar 03, 2010 at 04:37:18PM +0100, LABBE Corentin wrote:
> 
> Signed-off-by: LABBE Corentin <corentin.labbe@geomatys.fr>

Come to think about it you may want to either rename the interface to portage_write_ptys,
or replace write_chr_file_perms by rw_chr_file_perms. 

> ---
>  policy/modules/admin/portage.if |   19 +++++++++++++++++++
>  policy/modules/admin/portage.te |    2 ++
>  2 files changed, 21 insertions(+), 0 deletions(-)
> 
> diff --git a/policy/modules/admin/portage.if b/policy/modules/admin/portage.if
> index 35161b2..a1b6a4b 100644
> --- a/policy/modules/admin/portage.if
> +++ b/policy/modules/admin/portage.if
> @@ -281,3 +281,22 @@ interface(`portage_dontaudit_rw_tmp_files',`
>  
>  	dontaudit $1 portage_tmp_t:file rw_file_perms;
>  ')
> +
> +########################################
> +## <summary>
> +##      Write the pty of portage.
> +## </summary>
> +## <param name="domain">
> +##      <summary>
> +##      Domain allowed access.
> +##      </summary>
> +## </param>
> +#
> +interface(`portage_use_pty',`
> +        gen_require(`
> +                type portage_devpts_t;
> +        ')
> +
> +        term_search_ptys($1)
> +        allow $1 portage_devpts_t:chr_file write_chr_file_perms;
> +')
> diff --git a/policy/modules/admin/portage.te b/policy/modules/admin/portage.te
> index ba1a256..fd863a7 100644
> --- a/policy/modules/admin/portage.te
> +++ b/policy/modules/admin/portage.te
> @@ -211,6 +211,8 @@ allow portage_fetch_t self:tcp_socket create_stream_socket_perms;
>  allow portage_fetch_t portage_conf_t:dir list_dir_perms;
>  read_files_pattern(portage_fetch_t, portage_conf_t, portage_conf_t)
>  
> +portage_use_pty(portage_fetch_t)
> +
>  manage_dirs_pattern(portage_fetch_t, portage_ebuild_t, portage_ebuild_t)
>  manage_files_pattern(portage_fetch_t, portage_ebuild_t, portage_ebuild_t)
>  
> -- 
> 1.6.4.4
> 
