rpms/selinux-policy
7
0
Fork 0
Code Issues Pull Requests Releases Activity

fix compile errors

Browse Source
This commit is contained in:
Chris PeBenito 2006-01-18 15:58:52 +00:00
parent 6b86ef00da
commit 625caeb34f
2 changed files with 16 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
refpolicy/policy/modules/admin/portage.if
View File

@ -119,14 +119,14 @@ template(`portage_compile_domain_template',`
allow $1_t $1_tmp_t:lnk_file create_lnk_perms; allow $1_t $1_tmp_t:lnk_file create_lnk_perms;
allow $1_t $1_tmp_t:fifo_file manage_file_perms; allow $1_t $1_tmp_t:fifo_file manage_file_perms;
allow $1_t $1_tmp_t:sock_file manage_file_perms; allow $1_t $1_tmp_t:sock_file manage_file_perms;
files_create_tmp($1_t,$1_tmp_t,{ dir file lnk_file sock_file fifo_file }) files_filetrans_tmp($1_t,$1_tmp_t,{ dir file lnk_file sock_file fifo_file })
allow $1_t $1_tmpfs_t:dir { read getattr lock search ioctl add_name remove_name write }; allow $1_t $1_tmpfs_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1_t $1_tmpfs_t:file { create ioctl read getattr lock write setattr append link unlink rename }; allow $1_t $1_tmpfs_t:file { create ioctl read getattr lock write setattr append link unlink rename };
allow $1_t $1_tmpfs_t:lnk_file { create read getattr setattr link unlink rename }; allow $1_t $1_tmpfs_t:lnk_file { create read getattr setattr link unlink rename };
allow $1_t $1_tmpfs_t:sock_file { create ioctl read getattr lock write setattr append link unlink rename }; allow $1_t $1_tmpfs_t:sock_file { create ioctl read getattr lock write setattr append link unlink rename };
allow $1_t $1_tmpfs_t:fifo_file { create ioctl read getattr lock write setattr append link unlink rename }; allow $1_t $1_tmpfs_t:fifo_file { create ioctl read getattr lock write setattr append link unlink rename };
fs_create_tmpfs_data($1_t,$1_tmpfs_t,{ dir file lnk_file sock_file fifo_file }) fs_filetrans_tmpfs($1_t,$1_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
# write merge logs # write merge logs
allow $1_t portage_log_t:dir setattr; allow $1_t portage_log_t:dir setattr;
@ -160,7 +160,7 @@ template(`portage_compile_domain_template',`
dev_read_urand($1_t) dev_read_urand($1_t)
domain_exec_all_entry_files($1_t) domain_exec_all_entry_files($1_t)
domain_use_wide_inhert_fds($1_t) domain_use_wide_inherit_fd($1_t)
files_exec_etc_files($1_t) files_exec_etc_files($1_t)
files_exec_usr_src_files($1_t) files_exec_usr_src_files($1_t)

24
refpolicy/policy/modules/admin/portage.te
View File

@ -9,10 +9,10 @@ policy_module(portage,1.0.0)
type portage_exec_t; type portage_exec_t;
files_type(portage_exec_t) files_type(portage_exec_t)
portage_compile_domain(portage) portage_compile_domain_template(portage)
domain_obj_id_change_exempt(portage_t) domain_obj_id_change_exempt(portage_t)
portage_compile_domain(portage_sandbox) portage_compile_domain_template(portage_sandbox)
# the shell is the entrypoint if regular sandbox is disabled # the shell is the entrypoint if regular sandbox is disabled
# portage_exec_t is the entrypoint if regular sandbox is enabled # portage_exec_t is the entrypoint if regular sandbox is enabled
corecmd_shell_entry_type(portage_sandbox_t) corecmd_shell_entry_type(portage_sandbox_t)
@ -55,7 +55,7 @@ allow portage_fetch_t portage_t:fifo_file rw_file_perms;
allow portage_fetch_t portage_t:process sigchld; allow portage_fetch_t portage_t:process sigchld;
allow portage_t portage_log_t:file create_file_perms; allow portage_t portage_log_t:file create_file_perms;
logging_create_log(portage_t,portage_log_t) logging_filetrans_log(portage_t,portage_log_t)
# transition to sandbox for compiling # transition to sandbox for compiling
domain_trans(portage_t,portage_exec_t,portage_sandbox_t) domain_trans(portage_t,portage_exec_t,portage_sandbox_t)
@ -65,7 +65,7 @@ allow portage_sandbox_t portage_t:fifo_file rw_file_perms;
allow portage_sandbox_t portage_t:process sigchld; allow portage_sandbox_t portage_t:process sigchld;
# run scripts out of the build directory # run scripts out of the build directory
can_exec($1_t,portage_tmp_t) can_exec(portage_t,portage_tmp_t)
# merging baselayout will need this: # merging baselayout will need this:
kernel_write_proc_file(portage_t) kernel_write_proc_file(portage_t)
@ -89,7 +89,7 @@ optional_policy(`bootloader',`
optional_policy(`modutils',` optional_policy(`modutils',`
modutils_domtrans_depmod(portage_t) modutils_domtrans_depmod(portage_t)
modutils_domtrans_update_modules(portage_t) modutils_domtrans_update_mods(portage_t)
#dontaudit update_modules_t portage_tmp_t:dir search_dir_perms; #dontaudit update_modules_t portage_tmp_t:dir search_dir_perms;
') ')
@ -98,10 +98,12 @@ optional_policy(`usermanage',`
usermanage_domtrans_useradd(portage_t) usermanage_domtrans_useradd(portage_t)
') ')
ifdef(`TODO',`
# seems to work ok without these # seems to work ok without these
dontaudit portage_t device_t:{ blk_file chr_file } getattr; dontaudit portage_t device_t:{ blk_file chr_file } getattr;
dontaudit portage_t proc_t:dir setattr; dontaudit portage_t proc_t:dir setattr;
dontaudit portage_t device_type:{ chr_file blk_file } r_file_perms; dontaudit portage_t device_type:{ chr_file blk_file } r_file_perms;
')
########################################## ##########################################
# #
@ -122,7 +124,7 @@ allow portage_fetch_t portage_ebuild_t:file manage_file_perms;
allow portage_fetch_t portage_fetch_tmp_t:dir create_dir_perms; allow portage_fetch_t portage_fetch_tmp_t:dir create_dir_perms;
allow portage_fetch_t portage_fetch_tmp_t:file create_file_perms; allow portage_fetch_t portage_fetch_tmp_t:file create_file_perms;
files_create_tmp_files(portage_fetch_t, portage_fetch_tmp_t, { file dir }) files_filetrans_tmp(portage_fetch_t, portage_fetch_tmp_t, { file dir })
# portage makes home dir the portage tmp dir, so # portage makes home dir the portage tmp dir, so
# wget looks for .wgetrc there # wget looks for .wgetrc there
@ -143,16 +145,17 @@ corenet_tcp_sendrecv_all_ports(portage_fetch_t)
corenet_tcp_connect_all_reserved_ports(portage_fetch_t) corenet_tcp_connect_all_reserved_ports(portage_fetch_t)
corenet_tcp_connect_generic_port(portage_fetch_t) corenet_tcp_connect_generic_port(portage_fetch_t)
dev_search_ptys(portage_fetch_t)
dev_dontaudit_read_rand(portage_fetch_t) dev_dontaudit_read_rand(portage_fetch_t)
domain_use_wide_inherit_fds(portage_fetch_t) domain_use_wide_inherit_fd(portage_fetch_t)
files_read_etc_files(portage_fetch_t) files_read_etc_files(portage_fetch_t)
files_read_etc_runtime_files(portage_fetch_t) files_read_etc_runtime_files(portage_fetch_t)
files_search_var(portage_fetch_t) files_search_var(portage_fetch_t)
files_dontaudit_search_pids(portage_fetch_t) files_dontaudit_search_pids(portage_fetch_t)
term_search_ptys(portage_fetch_t)
libs_use_ld_so(portage_fetch_t) libs_use_ld_so(portage_fetch_t)
libs_use_shared_libs(portage_fetch_t) libs_use_shared_libs(portage_fetch_t)
@ -167,9 +170,8 @@ ifdef(`hide_broken_symptoms',`
dontaudit portage_fetch_t portage_cache_t:file read; dontaudit portage_fetch_t portage_cache_t:file read;
') ')
ifdef(`TODO',` # TODO:
domain_auto_trans(portage_t, rsyncd_exec_t, portage_fetch_t) #domain_auto_trans(portage_t, rsyncd_exec_t, portage_fetch_t)
')
########################################## ##########################################
# #