[selinux-policy: 2413/3172] Clean up leaked portage file descriptors.

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 22:34:09 UTC 2010


commit 8b8501991eaadfc13f968763c43f278cab4dc667
Author: Chris PeBenito <pebenito at gentoo.org>
Date:   Wed Feb 17 20:33:31 2010 -0500

    Clean up leaked portage file descriptors.

 policy/modules/kernel/files.if     |   19 +++++++++++++++++++
 policy/modules/kernel/files.te     |    2 +-
 policy/modules/system/libraries.te |   12 +++++++++++-
 3 files changed, 31 insertions(+), 2 deletions(-)
---
diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if
index 1cdf376..6564a31 100644
--- a/policy/modules/kernel/files.if
+++ b/policy/modules/kernel/files.if
@@ -4299,6 +4299,25 @@ interface(`files_rw_var_files',`
 
 ########################################
 ## <summary>
+##	Do not audit attempts to read and write
+##	files in the /var directory.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`files_dontaudit_rw_var_files',`
+	gen_require(`
+		type var_t;
+	')
+
+	dontaudit $1 var_t:file rw_file_perms;
+')
+
+########################################
+## <summary>
 ##	Create, read, write, and delete files in the /var directory.
 ## </summary>
 ## <param name="domain">
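Review bot: The `<param name="domain">` summary of `files_dontaudit_rw_var_files` says `Domain allowed access.`, but the interface grants nothing and only emits a `dontaudit` rule, so it should read `Domain to not audit.`. The summary could also state that the rule is meant for inherited (leaked) descriptors. As written, `rw_file_perms` on `var_t:file` presumably also silences denials for a caller that tries to open such files by path, which matters when AVC logs are used for detection. The hunk ends inside the doc comment of the following interface, so that block is not reviewed here.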
diff --git a/policy/modules/kernel/files.te b/policy/modules/kernel/files.te
index fdfe199..6515807 100644
--- a/policy/modules/kernel/files.te
+++ b/policy/modules/kernel/files.te
@@ -1,5 +1,5 @@
 
-policy_module(files, 1.12.2)
+policy_module(files, 1.12.3)
 
 ########################################
 #
diff --git a/policy/modules/system/libraries.te b/policy/modules/system/libraries.te
index 76a1a05..0557fb2 100644
--- a/policy/modules/system/libraries.te
+++ b/policy/modules/system/libraries.te
@@ -1,5 +1,5 @@
 
-policy_module(libraries, 2.6.0)
+policy_module(libraries, 2.6.1)
 
 ########################################
 #
@@ -101,6 +101,16 @@ ifdef(`distro_ubuntu',`
 ')
 
 ifdef(`hide_broken_symptoms',`
+	ifdef(`distro_gentoo',`
+		# leaked fds from portage
+		files_dontaudit_rw_var_files(ldconfig_t)
+
+		optional_policy(`
+			portage_dontaudit_search_tmp(ldconfig_t)
+			portage_dontaudit_rw_tmp_files(ldconfig_t)
+		')
+	')
+
 	optional_policy(`
 		unconfined_dontaudit_rw_tcp_sockets(ldconfig_t)
 	')
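Review bot: The comment `# leaked fds from portage` does not say which descriptors leak or why hiding the denials is safe, and the three `dontaudit` calls suppress every denied read/write by `ldconfig_t` on `var_t` files and portage tmp files, not only those made through leaked descriptors. I would expand it to something like `# portage leaks open fds on /var and its tmp files to ldconfig; the denials are noise, drop this once portage closes them on exec`. The rules apply only when both `hide_broken_symptoms` and `distro_gentoo` are defined, so anyone investigating `ldconfig_t` on such a build needs dontaudit rules disabled (e.g. `semodule -DB`) to see these denials. The enclosing `hide_broken_symptoms` block closes outside the hunk.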

