commit: a54fe39b3f5462bb0bbb22cfe883c8d38dfe9168 Author: Corentin LABBE <clabbe.montjoie <AT> gmail <DOT> com> AuthorDate: Tue Jan 10 09:11:56 2023 +0000 Commit: Kenton Groombridge <concord <AT> gentoo <DOT> org> CommitDate: Mon Feb 13 15:23:57 2023 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=a54fe39b
portage: add new location for portage commands There are missing lot of portage commands location, add them following the gentoo SELinux repo. Signed-off-by: Corentin LABBE <clabbe.montjoie <AT> gmail.com> Signed-off-by: Kenton Groombridge <concord <AT> gentoo.org> policy/modules/admin/portage.fc | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/policy/modules/admin/portage.fc b/policy/modules/admin/portage.fc index 7cf6e7855..620ade57a 100644 --- a/policy/modules/admin/portage.fc +++ b/policy/modules/admin/portage.fc @@ -5,11 +5,17 @@ /etc/portage/gpg(/.*)? gen_context(system_u:object_r:portage_gpg_t,s0) /usr/bin/emerge -- gen_context(system_u:object_r:portage_exec_t,s0) +/usr/bin/emerge-webrsync -- gen_context(system_u:object_r:portage_fetch_exec_t,s0) /usr/bin/gcc-config -- gen_context(system_u:object_r:gcc_config_exec_t,s0) /usr/bin/glsa-check -- gen_context(system_u:object_r:portage_exec_t,s0) /usr/bin/layman -- gen_context(system_u:object_r:portage_fetch_exec_t,s0) /usr/bin/sandbox -- gen_context(system_u:object_r:portage_exec_t,s0) +/usr/lib/python-exec/python[0-9]\.[0-9]*/glsa-check -- gen_context(system_u:object_r:portage_exec_t,s0) +/usr/lib/python-exec/python[0-9]\.[0-9]*/layman -- gen_context(system_u:object_r:portage_fetch_exec_t,s0) +/usr/lib/python-exec/python[0-9]\.[0-9]*/emaint -- gen_context(system_u:object_r:portage_exec_t,s0) +/usr/lib/python-exec/python[0-9]\.[0-9]*/emerge -- gen_context(system_u:object_r:portage_exec_t,s0) + /usr/portage(/.*)? gen_context(system_u:object_r:portage_ebuild_t,s0) /usr/portage/distfiles/cvs-src(/.*)? gen_context(system_u:object_r:portage_srcrepo_t,s0) /usr/portage/distfiles/egit-src(/.*)? gen_context(system_u:object_r:portage_srcrepo_t,s0) @@ -31,6 +37,7 @@ /var/log/emerge\.log.* -- gen_context(system_u:object_r:portage_log_t,s0) /var/log/emerge-fetch\.log -- gen_context(system_u:object_r:portage_log_t,s0) /var/log/portage(/.*)? gen_context(system_u:object_r:portage_log_t,s0) +/var/log/sandbox(/.*)? gen_context(system_u:object_r:portage_log_t,s0) /var/lib/layman(/.*)? gen_context(system_u:object_r:portage_ebuild_t,s0) /var/lib/portage(/.*)? gen_context(system_u:object_r:portage_cache_t,s0) /var/tmp/binpkgs(/.*)? gen_context(system_u:object_r:portage_tmp_t,s0)
