Gentoo Archives: gentoo-commits

From: Jason Zaman <perfinion@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/
Date: Sun, 05 Nov 2017 08:01:47
Message-Id: 1509864035.09b3bbc4d767812375a72461e0247a6d6e8da97f.perfinion@gentoo
1 commit: 09b3bbc4d767812375a72461e0247a6d6e8da97f
2 Author: Jason Zaman <jason <AT> perfinion <DOT> com>
3 AuthorDate: Thu Nov 2 17:31:21 2017 +0000
4 Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
5 CommitDate: Sun Nov 5 06:40:35 2017 +0000
6 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=09b3bbc4
7
8 gpg: search dir when connecting to agent socket
9
10 commit 96ac8920f55e5a652c20aba99a599ce23a4d3c0d
11 (gpg: manage user runtime socket files and directories)
12 moved /run/user/UID/gnupg/ to gpg_runtime_t. This updates the interface
13 so it grants search perms on the dir too.
14
15 policy/modules/contrib/gpg.if | 4 ++--
16 1 file changed, 2 insertions(+), 2 deletions(-)
17
18 diff --git a/policy/modules/contrib/gpg.if b/policy/modules/contrib/gpg.if
19 index c4b7c4cd..6266019b 100644
20 --- a/policy/modules/contrib/gpg.if
21 +++ b/policy/modules/contrib/gpg.if
22 @@ -191,11 +191,11 @@ interface(`gpg_rw_agent_pipes',`
23 interface(`gpg_stream_connect_agent',`
24 gen_require(`
25 type gpg_agent_t, gpg_agent_tmp_t;
26 - type gpg_secret_t;
27 + type gpg_secret_t, gpg_runtime_t;
28 ')
29
30 stream_connect_pattern($1, gpg_agent_tmp_t, gpg_agent_tmp_t, gpg_agent_t)
31 - allow $1 gpg_secret_t:dir search_dir_perms;
32 + allow $1 { gpg_secret_t gpg_runtime_t }:dir search_dir_perms;
33 userdom_search_user_runtime($1)
34 userdom_search_user_home_dirs($1)
35 ')
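
Review bot: the stream_connect_pattern line in gpg_stream_connect_agent still names gpg_agent_tmp_t as both the directory type and the socket-file type, so after this change callers get only search on gpg_runtime_t directories and nothing on objects inside them. If the agent socket under /run/user/UID/gnupg/ is itself labelled gpg_runtime_t after commit 96ac8920 (the file contexts are not part of this diff, so this needs confirming), callers will reach the directory but still be denied write on the sock_file. In that case a second stream_connect_pattern($1, gpg_runtime_t, gpg_runtime_t, gpg_agent_t) would be the better fit, and it would also cover the directory search for gpg_runtime_t, leaving the explicit allow rule needed only for gpg_secret_t.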