[selinux-policy: 2327/3172] GPG patch from Dan Walsh.
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 22:26:38 UTC 2010
commit 36ded4bd3696192a1d1b5b0b64be289d8669af09
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Tue Dec 1 10:30:07 2009 -0500
GPG patch from Dan Walsh.
policy/modules/apps/gpg.te | 45 +++++++++++++++++++++++++++++--------------
1 files changed, 30 insertions(+), 15 deletions(-)
---
diff --git a/policy/modules/apps/gpg.te b/policy/modules/apps/gpg.te
index 5e66450..b8c96f6 100644
--- a/policy/modules/apps/gpg.te
+++ b/policy/modules/apps/gpg.te
@@ -1,5 +1,5 @@
-policy_module(gpg, 2.2.0)
+policy_module(gpg, 2.2.1)
########################################
#
@@ -104,11 +104,36 @@ files_dontaudit_search_var(gpg_t)
auth_use_nsswitch(gpg_t)
-miscfiles_read_localization(gpg_t)
-
logging_send_syslog_msg(gpg_t)
+miscfiles_read_localization(gpg_t)
+
userdom_use_user_terminals(gpg_t)
+# sign/encrypt user files
+userdom_manage_user_tmp_files(gpg_t)
+userdom_manage_user_home_content_files(gpg_t)
+
+mta_write_config(gpg_t)
+
+tunable_policy(`use_nfs_home_dirs',`
+ fs_manage_nfs_dirs(gpg_t)
+ fs_manage_nfs_files(gpg_t)
+')
+
+tunable_policy(`use_samba_home_dirs',`
+ fs_manage_cifs_dirs(gpg_t)
+ fs_manage_cifs_files(gpg_t)
+')
+
+optional_policy(`
+ xserver_use_xdm_fds(gpg_t)
+ xserver_rw_xdm_pipes(gpg_t)
+')
+
+optional_policy(`
+ cron_system_entry(gpg_t, gpg_exec_t)
+ cron_read_system_job_tmp_files(gpg_t)
+')
########################################
#
@@ -146,23 +171,13 @@ files_read_etc_files(gpg_helper_t)
auth_use_nsswitch(gpg_helper_t)
userdom_use_user_terminals(gpg_helper_t)
-# sign/encrypt user files
-userdom_manage_user_tmp_files(gpg_t)
-userdom_manage_user_home_content_files(gpg_t)
tunable_policy(`use_nfs_home_dirs',`
- fs_manage_nfs_dirs(gpg_t)
- fs_manage_nfs_files(gpg_t)
+ fs_dontaudit_rw_nfs_files(gpg_helper_t)
')
tunable_policy(`use_samba_home_dirs',`
- fs_manage_cifs_dirs(gpg_t)
- fs_manage_cifs_files(gpg_t)
-')
-
-optional_policy(`
- xserver_use_xdm_fds(gpg_t)
- xserver_rw_xdm_pipes(gpg_t)
+ fs_dontaudit_rw_cifs_files(gpg_helper_t)
')
########################################
More information about the scm-commits
mailing list