RepoMirrors
/
selinux-refpolicy
mirror of https://github.com/SELinuxProject/refpolicy
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
selinux-refpolicy/policy
History
Nicolas Iooss 15151782bd
gpg: allow gpg-agent to read crypto.fips_enabled sysctl 
On Debian 10, when gpg-agent starts, it reads crypto.fips_enabled:

    type=AVC msg=audit(1569958604.280:42): avc:  denied  { open } for
    pid=329 comm="gpg-agent" path="/proc/sys/crypto/fips_enabled"
    dev="proc" ino=14687 scontext=sysadm_u:sysadm_r:gpg_agent_t
    tcontext=system_u:object_r:sysctl_crypto_t tclass=file permissive=1

    type=AVC msg=audit(1569958604.280:42): avc:  denied  { read } for
    pid=329 comm="gpg-agent" name="fips_enabled" dev="proc" ino=14687
    scontext=sysadm_u:sysadm_r:gpg_agent_t
    tcontext=system_u:object_r:sysctl_crypto_t tclass=file permissive=1

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
 		2019-10-01 21:58:24 +02:00
..
flask Remove incorrect comment about capability2:mac_admin. 2019-03-11 20:49:42 -04:00
modules gpg: allow gpg-agent to read crypto.fips_enabled sysctl 2019-10-01 21:58:24 +02:00
support
constraints
context_defaults
global_booleans
global_tunables
mcs
mls
policy_capabilities
users