[selinux-policy: 2262/3172] gpg patch from dan.
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 22:20:52 UTC 2010
commit ca7fa520e7990b9e9ac838aa4138e4513601c77e
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Thu Sep 3 08:23:18 2009 -0400
gpg patch from dan.
gpg sends sigstop and signull
Reads usb devices
Can encrypt users' content in /tmp and the home directory, as well as on NFS and CIFS
policy/modules/apps/gpg.if | 2 +-
policy/modules/apps/gpg.te | 12 +++++++++---
2 files changed, 10 insertions(+), 4 deletions(-)
---
diff --git a/policy/modules/apps/gpg.if b/policy/modules/apps/gpg.if
index f264608..260bd9d 100644
--- a/policy/modules/apps/gpg.if
+++ b/policy/modules/apps/gpg.if
@@ -30,7 +30,7 @@ interface(`gpg_role',`
# allow ps to show gpg
ps_process_pattern($2, gpg_t)
- allow $2 gpg_t:process { signal sigkill };
+ allow $2 gpg_t:process { signull sigstop signal sigkill };
# communicate with the user
allow gpg_helper_t $2:fd use;
diff --git a/policy/modules/apps/gpg.te b/policy/modules/apps/gpg.te
index ff18fc7..9d162a8 100644
--- a/policy/modules/apps/gpg.te
+++ b/policy/modules/apps/gpg.te
@@ -1,5 +1,5 @@
-policy_module(gpg, 2.1.0)
+policy_module(gpg, 2.1.1)
########################################
#
@@ -92,6 +92,7 @@ corenet_sendrecv_all_client_packets(gpg_t)
dev_read_rand(gpg_t)
dev_read_urand(gpg_t)
+dev_read_generic_usb_dev(gpg_t)
fs_getattr_xattr_fs(gpg_t)
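Review bot: The added `dev_read_generic_usb_dev(gpg_t)` has no comment saying which device gpg needs. Going by the interface name, it grants read on every generically labelled USB device node rather than on one class of device. The hunk header shows that gpg_t also has `corenet_sendrecv_all_client_packets`, so the domain is network-facing and the reason for the device access should be on record. A comment above the line would do, for example `# usb smartcard readers/tokens` if that is the intent, which the commit message does not confirm. If a narrower device type exists for the reader, prefer an interface scoped to it.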
@@ -145,13 +146,18 @@ files_read_etc_files(gpg_helper_t)
auth_use_nsswitch(gpg_helper_t)
userdom_use_user_terminals(gpg_helper_t)
+# sign/encrypt user files
+userdom_manage_user_tmp_files(gpg_t)
+userdom_manage_user_home_content_files(gpg_t)
tunable_policy(`use_nfs_home_dirs',`
- fs_dontaudit_rw_nfs_files(gpg_helper_t)
+ fs_manage_nfs_dirs(gpg_t)
+ fs_manage_nfs_files(gpg_t)
')
tunable_policy(`use_samba_home_dirs',`
- fs_dontaudit_rw_cifs_files(gpg_helper_t)
+ fs_manage_cifs_dirs(gpg_t)
+ fs_manage_cifs_files(gpg_t)
')
optional_policy(`
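Review bot: Both tunable blocks drop `fs_dontaudit_rw_nfs_files(gpg_helper_t)` and `fs_dontaudit_rw_cifs_files(gpg_helper_t)` instead of keeping them next to the new gpg_t rules, and the commit message does not mention this. If gpg_helper_t still probes those files, the denials will now be logged; unless the removal is deliberate, keep the two dontaudit lines beside the new `fs_manage_*` calls. Separately, `userdom_manage_user_home_content_files(gpg_t)` and the NFS/CIFS `manage` interfaces give a domain that also has network client access create/write/delete over all user content. It is worth checking whether read plus write to specific output locations would be enough, and extending the comment to say why full manage is needed, e.g. `# sign/encrypt user files: needs create/unlink for output and temp files`. The new gpg_t rules also appear to sit among gpg_helper_t rules, judging by the context lines; the section continues outside this hunk, so confirm placement against the full file.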