[selinux-policy: 1427/3172] dontaudit chroot, glibc compile is ok without it

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 21:08:43 UTC 2010


commit 858a1faefb44c80701a4c9f0b705d6c2ccc60686
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Mon May 8 13:21:36 2006 +0000

    dontaudit chroot, glibc compile is ok without it

 refpolicy/policy/modules/admin/portage.if |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)
---
diff --git a/refpolicy/policy/modules/admin/portage.if b/refpolicy/policy/modules/admin/portage.if
index f0e35c8..80eaca7 100644
--- a/refpolicy/policy/modules/admin/portage.if
+++ b/refpolicy/policy/modules/admin/portage.if
@@ -93,6 +93,7 @@ interface(`portage_run',`
 interface(`portage_compile_domain',`
 
 	allow $1 self:capability { fowner fsetid mknod setgid setuid chown dac_override net_raw };
+	dontaudit $1 self:capability sys_chroot;
 	allow $1 self:process { setpgid setsched setrlimit signal_perms execmem };
 	allow $1 self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
 	allow $1 self:fd use;
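Review bot: the added `dontaudit $1 self:capability sys_chroot;` line in `portage_compile_domain` carries no comment in the policy source, so the only record of why the denial is silenced is the commit message. Since this is an interface, the rule applies to every domain passed in as `$1`, not only to the glibc build that motivated it. A one-line comment above the rule (for example, that the glibc compile attempts chroot and succeeds without it) would tell a later reader that the suppression is intentional and what it was verified against. It is also worth keeping in mind that the capability remains denied and the denial is no longer logged, so if another package built in this domain does depend on chroot, the failure will leave no AVC message pointing at this rule.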

