commit: 09b3bbc4d767812375a72461e0247a6d6e8da97f |
Author: Jason Zaman <jason <AT> perfinion <DOT> com> |
AuthorDate: Thu Nov 2 17:31:21 2017 +0000 |
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> |
CommitDate: Sun Nov 5 06:40:35 2017 +0000 |
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=09b3bbc4 |
|
gpg: search dir when connecting to agent socket |
|
commit 96ac8920f55e5a652c20aba99a599ce23a4d3c0d |
(gpg: manage user runtime socket files and directories) |
moved /run/user/UID/gnupg/ to gpg_runtime_t. this updates the interface |
so it grants search perms on the dir too. |
|
policy/modules/contrib/gpg.if | 4 ++-- |
1 file changed, 2 insertions(+), 2 deletions(-) |
|
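diff --git a/policy/modules/contrib/gpg.if b/policy/modules/contrib/gpg.if
index c4b7c4cd..6266019b 100644
--- a/policy/modules/contrib/gpg.if
+++ b/policy/modules/contrib/gpg.if
@@ -191,11 +191,11 @@ interface(`gpg_rw_agent_pipes',`
 interface(`gpg_stream_connect_agent',`
 gen_require(`
 type gpg_agent_t, gpg_agent_tmp_t;
- type gpg_secret_t;
+ type gpg_secret_t, gpg_runtime_t;
 ')
 
 stream_connect_pattern($1, gpg_agent_tmp_t, gpg_agent_tmp_t, gpg_agent_t)
- allow $1 gpg_secret_t:dir search_dir_perms;
+ allow $1 { gpg_secret_t gpg_runtime_t }:dir search_dir_perms;
 userdom_search_user_runtime($1)
 userdom_search_user_home_dirs($1)
 ')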
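Review bot: The unchanged `stream_connect_pattern($1, gpg_agent_tmp_t, gpg_agent_tmp_t, gpg_agent_t)` line still names `gpg_agent_tmp_t` as both the directory and the socket-file type, so the new rule only lets `$1` traverse the `gpg_runtime_t` directory. If the agent socket created under /run/user/UID/gnupg/ ends up labelled `gpg_runtime_t` (the file-transition rules are not in this hunk, so confirm against gpg.te), callers would still be denied write on the sock_file and would need `allow $1 gpg_runtime_t:sock_file write_sock_file_perms;` here. Every caller of this interface also gains search on the runtime directory, so a one-line comment above the allow rule such as `# agent socket dir is gpg_runtime_t under /run/user/UID/gnupg` would record why two directory types are searched. The interface's doc comment sits above the hunk and is not visible, so it may need the same update.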