nmav pushed to caml-crush (master). "enforce_ro_session in locked policy"
notifications at fedoraproject.org
notifications at fedoraproject.org
Thu Apr 2 13:46:13 UTC 2015
>From 4c3ba3015be5562f703a0e74388811437ac0e7d8 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav at redhat.com>
Date: Thu, 2 Apr 2015 15:45:39 +0200
Subject: enforce_ro_session in locked policy
diff --git a/filter-softhsm-locked.conf b/filter-softhsm-locked.conf
index e7fbc9c..31bf1f1 100644
--- a/filter-softhsm-locked.conf
+++ b/filter-softhsm-locked.conf
@@ -63,7 +63,7 @@ allowed_ids = [("softhsm", [".*"])]
*)
(* In a softhsm key wrapping makes no sense and it can be used to recover keys
so it is disabled *)
-forbidden_functions = [("soft.*", [C_WrapKey, C_SetAttributeValue, C_UnwrapKey, C_GenerateKey, C_GenerateKeyPair, C_CreateObject, C_CopyObject, C_DestroyObject])]
+forbidden_functions = [(".*", [C_WrapKey, C_SetAttributeValue, C_UnwrapKey, C_GenerateKey, C_GenerateKeyPair, C_CreateObject, C_CopyObject, C_DestroyObject])]
(* enforce_ro_sessions = [(a1, b1), (a2, b2) ...] is a list of couples where
'a' is a regular expression string representing module names, and 'b1',
@@ -72,9 +72,7 @@ forbidden_functions = [("soft.*", [C_WrapKey, C_SetAttributeValue, C_UnwrapKey,
default OFF, uncomment and configure below to enable;
*)
-(*
-enforce_ro_sessions = [(".*", no)]
-*)
+enforce_ro_sessions = [(".*", true)]
(* forbid_admin_operations = [(a1, b1), (a2, b2) ...] is a list of couples
where 'a' is a regular expression string representing module names, and
--
cgit v0.10.2
http://pkgs.fedoraproject.org/cgit/caml-crush.git/commit/?h=master&id=4c3ba3015be5562f703a0e74388811437ac0e7d8
More information about the scm-commits
mailing list