-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 06/06/2011 12:11 PM, Christoph A. wrote:
On 06/06/2011 05:33 PM, Daniel J Walsh wrote:
> What avc are you seeing. Most likely we should just allow the access.
Is sandbox_net_t allowed to access/execute gpg_agent_exec_t and
gpg_exec_t files?
ll -Z `which gpg-agent `
-rwxr-xr-x. root root system_u:object_r:gpg_agent_exec_t:s0
/usr/bin/gpg-agent
ll -Z `which gpg `
-rwxr-xr-x. root root system_u:object_r:gpg_exec_t:s0 /usr/bin/gpg
- --
selinux mailing list
selinux(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
Yes
sesearch -A -s sandbox_net_t -t gpg_exec_t
WARNING: Policy would be downgraded from version 26 to 25.
Found 3 semantic av rules:
allow sandbox_x_domain file_type : file entrypoint ;
allow sandbox_x_domain exec_type : file { ioctl read getattr lock
execute execute_no_trans open } ;
allow sandbox_x_domain exec_type : lnk_file { read getattr } ;
sesearch -A -s sandbox_net_t -t gpg_agent_exec_t
WARNING: Policy would be downgraded from version 26 to 25.
Found 3 semantic av rules:
allow sandbox_x_domain file_type : file entrypoint ;
allow sandbox_x_domain exec_type : file { ioctl read getattr lock
execute execute_no_trans open } ;
allow sandbox_x_domain exec_type : lnk_file { read getattr } ;
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora -
http://enigmail.mozdev.org/
iEYEARECAAYFAk3tFkoACgkQrlYvE4MpobNbtACfdEzrIHJFF6mlnRQIE0ncynpv
9nwAnR4bCkes5ZXCxxOAT19po8kV4IG4
=z+2F
-----END PGP SIGNATURE-----