Summary: | portage_fetch_t to be able to read /dev/urandom by default
---|---
Product: | Gentoo Linux
Reporter: | Vilgot Fredenberg <vilgot>
Component: | SELinux
Assignee: | SE Linux Bugs <selinux>
Status: | UNCONFIRMED ---
Severity: | normal
Priority: | Normal
Version: | unspecified
Hardware: | All
OS: | Linux
Whiteboard: |
Package list: |
Runtime testing required: | ---
Attachments: | example module

Created attachment 565376
example module

The default implementation of portage synchronization with rsync utilizes gpg-verification; however, the current SELinux policy (sec-policy/selinux-base-policy) currently disallows said verification. To fix this, I propose that we either create a boolean (enabled by default) that allows portage_fetch_t to read /dev/urandom, or that we skip the boolean and just merge it in. I created a module for this that I personally use; see attached file.
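
The boolean-guarded variant of the proposal, written as a refpolicy-style loadable module. This is an added example: it is not the module attached to this report and not Gentoo's policy. The module name and the boolean name `portage_fetch_read_urandom` are hypothetical; `dev_read_urand` is the refpolicy interface that grants read access to /dev/urandom.

```selinux
# Added illustration. Module and boolean names are hypothetical.
policy_module(portage_fetch_urandom, 1.0)

gen_require(`
	type portage_fetch_t;
')

## <desc>
##	<p>
##	Allow the portage fetch domain to read /dev/urandom.
##	Defaults to on, matching the "enabled by default" proposal.
##	</p>
## </desc>
gen_tunable(portage_fetch_read_urandom, true)

# The grant is limited to read access on the urandom device and is
# only active while the boolean is set.
tunable_policy(`portage_fetch_read_urandom',`
	dev_read_urand(portage_fetch_t)
')

# Variant without the boolean: remove gen_tunable and tunable_policy
# above and keep the single unconditional line
#   dev_read_urand(portage_fetch_t)
```

With the boolean form, an administrator can revoke the access at runtime with `setsebool portage_fetch_read_urandom off` without rebuilding policy.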