portage: allow to read vm overcommit2.20161023-r3

author: Jason Zaman <jason@perfinion.com> 2016-12-11 23:02:34 +0800
committer: Jason Zaman <jason@perfinion.com> 2016-12-11 23:02:34 +0800
commit: e9482a3144076e24b1f8c2fca0d12751011a35a3 (patch)
tree: a1071aed414b47d145bd59ddc8eaada3f0c4202e
parent: Merge upstream (diff)
download: hardened-refpolicy-e9482a3144076e24b1f8c2fca0d12751011a35a3.tar.gz
hardened-refpolicy-e9482a3144076e24b1f8c2fca0d12751011a35a3.tar.bz2
hardened-refpolicy-e9482a3144076e24b1f8c2fca0d12751011a35a3.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/policy/modules/contrib/portage.te b/policy/modules/contrib/portage.te
index 52c6bf984..87ca0c6cf 100644
--- a/policy/modules/contrib/portage.te
+++ b/policy/modules/contrib/portage.te
@@ -444,6 +444,8 @@ gen_tunable(portage_enable_test, false)
 	allow portage_t portage_exec_t:file relabel_file_perms;
 	allow portage_t portage_fetch_exec_t:file relabel_file_perms;
 
+	kernel_read_vm_overcommit_sysctl(portage_t)
+
 	# Portage is selinuxaware, transitions on calling ebuild, now marked as bin_t
 	corecmd_bin_entry_type(portage_t)
 	# Support self-update of Portage
author	Jason Zaman <jason@perfinion.com>	2016-12-11 23:02:34 +0800
committer	Jason Zaman <jason@perfinion.com>	2016-12-11 23:02:34 +0800
commit	e9482a3144076e24b1f8c2fca0d12751011a35a3 (patch)
tree	a1071aed414b47d145bd59ddc8eaada3f0c4202e
parent	Merge upstream (diff)
download	hardened-refpolicy-e9482a3144076e24b1f8c2fca0d12751011a35a3.tar.gz hardened-refpolicy-e9482a3144076e24b1f8c2fca0d12751011a35a3.tar.bz2 hardened-refpolicy-e9482a3144076e24b1f8c2fca0d12751011a35a3.zip