RepoMirrors
/
selinux-refpolicy
mirror of https://github.com/SELinuxProject/refpolicy
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
selinux-refpolicy/policy/modules
History
Nicolas Iooss 15151782bd
gpg: allow gpg-agent to read crypto.fips_enabled sysctl 
On Debian 10, when gpg-agent starts, it reads crypto.fips_enabled:

    type=AVC msg=audit(1569958604.280:42): avc:  denied  { open } for
    pid=329 comm="gpg-agent" path="/proc/sys/crypto/fips_enabled"
    dev="proc" ino=14687 scontext=sysadm_u:sysadm_r:gpg_agent_t
    tcontext=system_u:object_r:sysctl_crypto_t tclass=file permissive=1

    type=AVC msg=audit(1569958604.280:42): avc:  denied  { read } for
    pid=329 comm="gpg-agent" name="fips_enabled" dev="proc" ino=14687
    scontext=sysadm_u:sysadm_r:gpg_agent_t
    tcontext=system_u:object_r:sysctl_crypto_t tclass=file permissive=1

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
 		2019-10-01 21:58:24 +02:00
..
admin various: Module version bump. 2019-09-30 20:39:31 -04:00
apps gpg: allow gpg-agent to read crypto.fips_enabled sysctl 2019-10-01 21:58:24 +02:00
kernel filesystem, systemd: Module version bump. 2019-09-30 20:57:29 -04:00
roles various: Module version bump. 2019-09-07 16:58:51 -04:00
services various: Module version bump. 2019-09-30 20:39:31 -04:00
system filesystem, systemd: Module version bump. 2019-09-30 20:57:29 -04:00