commit: 09b3bbc4d767812375a72461e0247a6d6e8da97f
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Thu Nov 2 17:31:21 2017 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sun Nov 5 06:40:35 2017 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=09b3bbc4
gpg: search dir when connecting to agent socket
commit 96ac8920f55e5a652c20aba99a599ce23a4d3c0d
(gpg: manage user runtime socket files and directories)
moved /run/user/UID/gnupg/ to gpg_runtime_t. This updates gpg_stream_connect_agent()
so it also grants search permission on that directory.
policy/modules/contrib/gpg.if | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/policy/modules/contrib/gpg.if b/policy/modules/contrib/gpg.if
index c4b7c4cd..6266019b 100644
--- a/policy/modules/contrib/gpg.if
+++ b/policy/modules/contrib/gpg.if
@@ -191,11 +191,11 @@ interface(`gpg_rw_agent_pipes',`
interface(`gpg_stream_connect_agent',`
gen_require(`
type gpg_agent_t, gpg_agent_tmp_t;
- type gpg_secret_t;
+ type gpg_secret_t, gpg_runtime_t;
')
stream_connect_pattern($1, gpg_agent_tmp_t, gpg_agent_tmp_t,
gpg_agent_t)
- allow $1 gpg_secret_t:dir search_dir_perms;
+ allow $1 { gpg_secret_t gpg_runtime_t }:dir search_dir_perms;
userdom_search_user_runtime($1)
userdom_search_user_home_dirs($1)
')
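Review bot: Granting `$1` search on `gpg_runtime_t` directories does not by itself let it reach a socket that now lives under /run/user/UID/gnupg/: the `stream_connect_pattern` call just above the changed `allow` line still names only `gpg_agent_tmp_t` as both the directory and the sock_file type, so a socket file relabelled to `gpg_runtime_t` by the referenced commit would still be denied `sock_file write` on that type. If the agent socket under that directory is indeed labelled `gpg_runtime_t` (the file contexts are not in this hunk, so this is inferred from the description), the pattern should cover both types: `stream_connect_pattern($1, { gpg_agent_tmp_t gpg_runtime_t }, { gpg_agent_tmp_t gpg_runtime_t }, gpg_agent_t)`. With that, the separate `gpg_runtime_t:dir search_dir_perms` grant becomes partly redundant but harmless. The interface's XML summary block above `interface(` lies outside the hunk; it should mention that the interface now also opens the user runtime gnupg directory to the caller, since that widens what `$1` can enumerate.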