commit: 6fec98ded6c9bda1c731ab48a87265ace6cc43b1
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Tue Dec 6 15:00:17 2016 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Tue Dec 6 15:02:34 2016 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=6fec98de
portage: add signal and FEATURES=test perms
policy/modules/contrib/portage.te | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/policy/modules/contrib/portage.te
b/policy/modules/contrib/portage.te
index 19bd8c8..52c6bf9 100644
--- a/policy/modules/contrib/portage.te
+++ b/policy/modules/contrib/portage.te
@@ -436,6 +436,8 @@ gen_tunable(portage_enable_test, false)
allow portage_t self:capability2 block_suspend;
+ allow portage_t { portage_fetch_t portage_sandbox_t }:process
signal_perms;
+
# Support self-update of Portage
allow portage_t portage_tmp_t:dir relabel_dir_perms;
allow portage_t portage_tmp_t:lnk_file relabel_lnk_file_perms;
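Review bot: The added `allow portage_t { portage_fetch_t portage_sandbox_t }:process signal_perms;` rule has no comment, unlike the self-update block right below it, and it is unconditional rather than tied to a tunable. `signal_perms` is the full signal set, including sigkill and sigstop, so a one-line rationale would let a later auditor judge whether the whole set is needed. Something like `# portage needs to signal (and kill) its fetch and sandbox child processes` would do, assuming that is the intent. If only termination is required, a narrower set such as `{ sigkill signal }` could be considered. The surrounding policy section starts and ends outside this hunk.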
@@ -490,9 +492,12 @@ gen_tunable(portage_enable_test, false)
tunable_policy(`portage_enable_test',`
# lots of tests connect over loopback
- corenet_tcp_bind_generic_node(portage_sandbox_t)
corenet_tcp_bind_all_unreserved_ports(portage_sandbox_t)
+ corenet_tcp_bind_generic_node(portage_sandbox_t)
corenet_tcp_connect_all_unreserved_ports(portage_sandbox_t)
+ corenet_udp_bind_all_unreserved_ports(portage_sandbox_t)
+ corenet_udp_bind_generic_node(portage_sandbox_t)
+ corenet_udp_sendrecv_all_ports(portage_sandbox_t)
')
##########################################
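Review bot: `corenet_udp_sendrecv_all_ports(portage_sandbox_t)` is broader than the TCP rules beside it, which are limited to unreserved ports. None of the added interfaces is confined to loopback either, although the comment says the tests connect over loopback; a generic node is not loopback-specific. With `portage_enable_test` on, test code from the packages being built runs in this domain, so UDP is better kept to the same scope, e.g. `corenet_udp_sendrecv_all_unreserved_ports(portage_sandbox_t)`, unless a test is known to need a reserved port. The comment could also become `# lots of tests connect over loopback (TCP and UDP)`. The tunable defaults to false per the hunk header, which limits exposure as long as it stays off outside test runs.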