The portage_compile_domain interface used portage_sandbox_t without requiring it.
---
 policy/modules/contrib/portage.if | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/policy/modules/contrib/portage.if b/policy/modules/contrib/portage.if
index c98a763..4652319 100644
--- a/policy/modules/contrib/portage.if
+++ b/policy/modules/contrib/portage.if
@@ -68,8 +68,8 @@ interface(`portage_run',`
 interface(`portage_compile_domain',`
 gen_require(`
 class dbus send_msg;
- type portage_devpts_t, portage_log_t, portage_srcrepo_t, portage_tmp_t;
- type portage_tmpfs_t;
+ type portage_devpts_t, portage_log_t, portage_sandbox_t, portage_srcrepo_t;
+ type portage_tmp_t, portage_tmpfs_t;
 ')
 allow $1 self:capability { fowner fsetid mknod setgid setuid chown dac_override net_raw };
-- 2.6.1
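Review bot: The require list in `portage_compile_domain` is corrected for `portage_sandbox_t` only, and the body that uses the type continues past the hunk, so it cannot be confirmed from here that no other type or userspace class used there is still missing from `gen_require`. A missing require of this kind presumably only surfaces when a calling module is built without the type already in scope, which makes it easy to miss in a default build. It would be worth checking the whole interface body against the require block in this same commit. It would also help to state in the description how the omission showed up (build error or lint), so the fix can be verified.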