commit: 996cb21a3c261e9d5617709b05f495284ad5cb66 |
Author: Dan Walsh <dwalsh <AT> redhat <DOT> com> |
AuthorDate: Mon Nov 25 15:09:29 2013 +0000 |
Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org> |
CommitDate: Sat Nov 30 15:01:49 2013 +0000 |
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=996cb21a |
|
Allow gpg_agent to use ssh-add |
|
--- |
policy/modules/contrib/gpg.te | 5 ++++- |
1 file changed, 4 insertions(+), 1 deletion(-) |
|
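--- a/policy/modules/contrib/gpg.te
+++ b/policy/modules/contrib/gpg.te
@@ -210,7 +210,7 @@ tunable_policy(`use_samba_home_dirs',`
 # Agent local policy
 #
 
-allow gpg_agent_t self:process setrlimit;
+allow gpg_agent_t self:process { setrlimit signal_perms };
 allow gpg_agent_t self:unix_stream_socket { create_stream_socket_perms connectto };
 allow gpg_agent_t self:fifo_file rw_fifo_file_perms;
 
@@ -229,7 +229,10 @@ filetrans_pattern(gpg_agent_t, gpg_secret_t, gpg_agent_tmp_t, sock_file, "log-so
 domtrans_pattern(gpg_agent_t, pinentry_exec_t, gpg_pinentry_t)
 
 kernel_dontaudit_search_sysctl(gpg_agent_t)
+kernel_read_core_if(gpg_agent_t)
+kernel_read_system_state(gpg_agent_t)
 
+corecmd_exec_bin(gpg_agent_t)
 corecmd_exec_shell(gpg_agent_t)
 
 dev_read_rand(gpg_agent_t)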
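Review bot: `kernel_read_core_if(gpg_agent_t)` in the second hunk grants the agent domain read access to the kernel core interface (the type refpolicy puts on /proc/kcore), which is far broader than ssh-add support should need for a domain that holds private key material. If the rule was derived from a denial seen while testing, it was presumably a getattr while walking /proc, and `kernel_dontaudit_getattr_core_if(gpg_agent_t)` would silence that without granting read. The same hunk's `corecmd_exec_bin(gpg_agent_t)` lets the agent run anything labeled bin_t in its own domain with no transition, so a comment such as `# ssh-add support: agent executes helpers from bin_t` would record why it is there and make the grant easier to narrow later.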