| Summary: | portage_fetch_t to be able to read /dev/urandom by default | ||
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Vilgot Fredenberg <vilgot> |
| Component: | SELinux | Assignee: | SE Linux Bugs <selinux> |
| Status: | UNCONFIRMED --- | ||
| Severity: | normal | ||
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
| Attachments: | example module | ||
Created attachment 565376 [details] example module The default implementation of portage synchronization with rsync utilizes gpg-verification, however the current SELinux policy (sec-policy/selinux-base-policy) currently disallows said verification. To fix this I propose that we either create a boolean (enabled by default) that allows for portage_fetch_t to read /dev/urandom or that we skip the boolean and just merge it in. I created a module for this that I personally use, see attached file.