commit: 1e96396dedf4d264ac02943157f34e0497671d9f
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Tue Sep 11 16:13:24 2018 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sun Dec 9 11:45:31 2018 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=1e96396d
libraries: ldconfig is a shell script on Gentoo musl libc
Signed-off-by: Jason Zaman <jason <AT> perfinion.com>
policy/modules/system/libraries.te | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/policy/modules/system/libraries.te
b/policy/modules/system/libraries.te
index 422b0ea1..6812a58e 100644
--- a/policy/modules/system/libraries.te
+++ b/policy/modules/system/libraries.te
@@ -145,3 +145,10 @@ optional_policy(`
optional_policy(`
unconfined_domain(ldconfig_t)
')
+
+ifdef(`distro_gentoo',`
+ # on musl ldconfig is a shell script
+ allow ldconfig_t self:fifo_file rw_fifo_file_perms;
+ corecmd_exec_shell(ldconfig_t)
+ corecmd_exec_bin(ldconfig_t)
+')
