From 858a1faefb44c80701a4c9f0b705d6c2ccc60686 Mon Sep 17 00:00:00 2001 From: Chris PeBenito Date: Mon, 8 May 2006 13:21:36 +0000 Subject: [PATCH] dontaudit chroot, glibc compile is ok without it --- refpolicy/policy/modules/admin/portage.if | 1 + 1 file changed, 1 insertion(+) diff --git a/refpolicy/policy/modules/admin/portage.if b/refpolicy/policy/modules/admin/portage.if index f0e35c82..80eaca71 100644 --- a/refpolicy/policy/modules/admin/portage.if +++ b/refpolicy/policy/modules/admin/portage.if @@ -93,6 +93,7 @@ interface(`portage_run',` interface(`portage_compile_domain',` allow $1 self:capability { fowner fsetid mknod setgid setuid chown dac_override net_raw }; + dontaudit $1 self:capability sys_chroot; allow $1 self:process { setpgid setsched setrlimit signal_perms execmem }; allow $1 self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap }; allow $1 self:fd use;