519578 – Make /var/lib/gentoo portage_var_lib_t (or similar)

Bug 519578 - Make /var/lib/gentoo portage_var_lib_t (or similar)

Summary: Make /var/lib/gentoo portage_var_lib_t (or similar)

Status:	CONFIRMED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	SELinux (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	SE Linux Bugs

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:	530912
	Show dependency tree

Reported:	2014-08-10 17:05 UTC by Sven Vermeulen (RETIRED)
Modified:	2014-11-27 20:40 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sven Vermeulen (RETIRED) gentoo-dev

2014-08-10 17:05:51 UTC

Layman (running in portage_fetch_t) in some cases needs access to /var/lib/gentoo/news (creating a lockfile). This location is currently var_lib_t.

We probably need to make this its own file type, and then grant the proper portage domains access to it.

Reproducible: Always

Comment 1 Jason Zaman gentoo-dev

2014-11-09 06:03:17 UTC

(In reply to Sven Vermeulen from comment #0)
> Layman (running in portage_fetch_t) in some cases needs access to
> /var/lib/gentoo/news (creating a lockfile). This location is currently
> var_lib_t.

how do you trigger this?

> We probably need to make this its own file type, and then grant the proper
> portage domains access to it.

this already exists:
/var/lib/portage(/.*)?	gen_context(system_u:object_r:portage_cache_t,s0)

perhaps just re-use portage_cache_t for /var/lib/gentoo too?