[DSE-Dev] refpolicy: patch for gpg-agent
Václav Ovsík
vaclav.ovsik at i.cz
Wed Feb 20 17:03:00 UTC 2008
Hi,
I'm running HEAD refpolicy on Debian Sid, but this patch is not
Debian-specific this time.
Having a copy of my std bash profile on the testing machine with
a snippet (from gpg-agent man page):
if test -f $HOME/.gpg-agent-info \
&& kill -0 `cut -d: -f 2 $HOME/.gpg-agent-info` 2>/dev/null
then
. $HOME/.gpg-agent-info
export GPG_AGENT_INFO
export SSH_AUTH_SOCK
export SSH_AGENT_PID
else
eval `gpg-agent --daemon --write-env-file`
fi
I got a number of denials for this snippet of commands.
1. Found a typo for permissions to create socket in the /tmp.
2. Added permission to send signal 0 by the user (see above).
3. Added permissions for writing agent info file into users home
directory.
Regards
--
Zito
-------------- next part --------------
A non-text attachment was scrubbed...
Name: gpg.patch
Type: text/x-diff
Size: 1631 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/selinux-devel/attachments/20080220/e6123910/attachment.patch
More information about the SELinux-devel
mailing list