commit: 953f0de61ff6969382d34002fc7d4b4992e88c1a
Author: Guido Trentalancia <guido <AT> trentalancia <DOT> net>
AuthorDate: Wed Aug 10 23:29:17 2016 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sat Aug 13 18:23:03 2016 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=953f0de6
Let gpg disable core dumps
Update the gpg role interface so that core dumps can be disabled
at runtime (required for successful execution of gpg).
Signed-off-by: Guido Trentalancia <guido <AT> trentalancia.net>
policy/modules/contrib/gpg.if | 1 +
1 file changed, 1 insertion(+)
diff --git a/policy/modules/contrib/gpg.if b/policy/modules/contrib/gpg.if
index b299418..0370dd1 100644
--- a/policy/modules/contrib/gpg.if
+++ b/policy/modules/contrib/gpg.if
@@ -31,6 +31,7 @@ interface(`gpg_role',`
domtrans_pattern($2, gpg_exec_t, gpg_t)
domtrans_pattern($2, gpg_agent_exec_t, gpg_agent_t)
+ allow $2 self:process setrlimit;
allow $2 { gpg_t gpg_agent_t gpg_helper_t gpg_pinentry_t }:process {
ptrace signal_perms };
ps_process_pattern($2, { gpg_t gpg_agent_t gpg_helper_t gpg_pinentry_t
})
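Review bot: The added rule `allow $2 self:process setrlimit;` grants setrlimit to the calling user domain (`$2`), not to `gpg_t`, although the two `domtrans_pattern` lines just above it move gpg and gpg-agent out of `$2` on exec. If gpg itself changes the limit after the transition, the permission belongs on `gpg_t` in the module's .te file; placed here, it lets any process in every user domain that calls `gpg_role` change its own hard resource limits. If something running in `$2` really does need it, a comment above the line such as `# <caller> sets RLIMIT_CORE before executing gpg (see AVC denial in commit log)` would let a later reviewer verify the grant, with `<caller>` replaced by the actual program. The `gpg_role` interface body starts and ends outside this hunk, so whether `gpg_t` already holds setrlimit cannot be seen from here.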