portage: Allow sandbox to map /dev/zero2.20210908-r1

Bug: https://bugs.gentoo.org/738546 Signed-off-by: Jason Zaman <perfinion@gentoo.org>
author: Jason Zaman <perfinion@gentoo.org> 2021-11-21 15:12:40 -0800
committer: Jason Zaman <perfinion@gentoo.org> 2021-11-21 15:14:49 -0800
commit: 192f62919b5866ad4de5558b7a69f03f81ed4ad3 (patch)
tree: 753b238f38388cb18f5c937c99162a19df0fced3
parent: init.te: Allow init to read tmpfs files. (diff)
download: hardened-refpolicy-192f6291.tar.gz
hardened-refpolicy-192f6291.tar.bz2
hardened-refpolicy-192f6291.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/policy/modules/admin/portage.te b/policy/modules/admin/portage.te
index 6cab80bd..1db76efe 100644
--- a/policy/modules/admin/portage.te
+++ b/policy/modules/admin/portage.te
@@ -511,6 +511,7 @@ gen_tunable(portage_enable_test, false)
 	dontaudit portage_sandbox_t self:capability sys_admin;
 
 	dev_getattr_xserver_misc_dev(portage_sandbox_t)
+	dev_rwx_zero(portage_sandbox_t)
 
 	kernel_read_vm_overcommit_sysctl(portage_sandbox_t)
author	Jason Zaman <perfinion@gentoo.org>	2021-11-21 15:12:40 -0800
committer	Jason Zaman <perfinion@gentoo.org>	2021-11-21 15:14:49 -0800
commit	192f62919b5866ad4de5558b7a69f03f81ed4ad3 (patch)
tree	753b238f38388cb18f5c937c99162a19df0fced3
parent	init.te: Allow init to read tmpfs files. (diff)
download	hardened-refpolicy-192f6291.tar.gz hardened-refpolicy-192f6291.tar.bz2 hardened-refpolicy-192f6291.zip