gpg: allow gpg-agent to read crypto.fips_enabled sysctl

On Debian 10, when gpg-agent starts, it reads crypto.fips_enabled:

    type=AVC msg=audit(1569958604.280:42): avc:  denied  { open } for
    pid=329 comm="gpg-agent" path="/proc/sys/crypto/fips_enabled"
    dev="proc" ino=14687 scontext=sysadm_u:sysadm_r:gpg_agent_t
    tcontext=system_u:object_r:sysctl_crypto_t tclass=file permissive=1

    type=AVC msg=audit(1569958604.280:42): avc:  denied  { read } for
    pid=329 comm="gpg-agent" name="fips_enabled" dev="proc" ino=14687
    scontext=sysadm_u:sysadm_r:gpg_agent_t
    tcontext=system_u:object_r:sysctl_crypto_t tclass=file permissive=1

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
Nicolas Iooss 2019-10-01 21:58:24 +02:00
parent 324ecfe95c
commit 15151782bd
No known key found for this signature in database
GPG Key ID: C191415F340DAAA0
1 changed file with 1 addition and 0 deletions

@ -247,6 +247,7 @@ domtrans_pattern(gpg_agent_t, gpg_pinentry_exec_t, gpg_pinentry_t)
kernel_dontaudit_search_sysctl(gpg_agent_t)
kernel_read_core_if(gpg_agent_t)
kernel_read_crypto_sysctls(gpg_agent_t)
kernel_read_system_state(gpg_agent_t)
auth_use_nsswitch(gpg_agent_t)
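Review bot: the added `kernel_read_crypto_sysctls(gpg_agent_t)` matches the denials' target type `sysctl_crypto_t` and the `{ open }` / `{ read }` permissions on `tclass=file`, so it covers both AVC records quoted in the commit message. Both records were captured with `permissive=1`, and `kernel_dontaudit_search_sysctl(gpg_agent_t)` on the line above silences search denials on the sysctl directory tree, so a remaining `search` denial on the parents of `/proc/sys/crypto/fips_enabled` would not show up in the audit log; it would be worth re-running gpg-agent in enforcing mode to confirm the read actually succeeds before merging.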