Skip to content

Commit 7cf904c

Browse files
committed
gentoo: Add gentoo-specific rules to sechecker config
Signed-off-by: Jason Zaman <perfinion@gentoo.org>
1 parent 03fba81 commit 7cf904c

1 file changed

Lines changed: 5 additions & 0 deletions

File tree

testing/sechecker.ini

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -39,6 +39,7 @@ desc = Verify only expected domains can change SELinux to permissive mode.
3939
tclass = security
4040
perms = setenforce
4141
exempt_source = cloud_init_t # VM configuration on initial boot
42+
initrc_t
4243
secadm_t # Security admin role
4344
sysadm_t # System admin role
4445

@@ -136,8 +137,10 @@ exempt_source = acpi_t
136137
plymouthd_t
137138
podman_t
138139
podman_user_t
140+
portage_t
139141
postgresql_t
140142
pppd_t
143+
qemu_ga_t
141144
quota_t # Configure filesystem quotas
142145
remote_login_t # Conditional access (allow_polyinstantiation)
143146
resmgrd_t
@@ -295,6 +298,7 @@ exempt_source = arpwatch_t
295298
pegasus_t
296299
podman_t
297300
podman_user_t
301+
portage_t
298302
portslave_t
299303
pppd_t
300304
pptp_t
@@ -311,6 +315,7 @@ exempt_source = arpwatch_t
311315
sosreport_t
312316
spc_t
313317
squid_t # Conditional access (squid_use_tproxy)
318+
ss_t
314319
sssd_t
315320
sysadm_t
316321
syslogd_t # Conditional network config (logging_syslog_can_network)

0 commit comments

Comments
 (0)