gpg: add watch perms for agent
avc: denied { watch } for pid=10668 comm="gpg-agent" path="/run/user/1000/gnupg" dev="tmpfs" ino=21988 scontext=staff_u:staff_r:gpg_agent_t:s0-s0:c0.c1023 tcontext=staff_u:object_r:gpg_runtime_t:s0 tclass=dir permissive=0 avc: denied { watch } for pid=10668 comm="gpg-agent" path="/home/jason/.gnupg" dev="zfs" ino=34432 scontext=staff_u:staff_r:gpg_agent_t:s0-s0:c0.c1023 tcontext=staff_u:object_r:gpg_secret_t:s0 tclass=dir permissive=0 Signed-off-by: Jason Zaman <jason@perfinion.com>
parent
509a639deb
commit
8742aa4e3e
@ -229,9 +229,11 @@ manage_dirs_pattern(gpg_agent_t, gpg_secret_t, gpg_secret_t)
|
||||
manage_sock_files_pattern(gpg_agent_t, gpg_secret_t, gpg_secret_t)
|
||||
manage_files_pattern(gpg_agent_t, gpg_secret_t, gpg_secret_t)
|
||||
manage_lnk_files_pattern(gpg_agent_t, gpg_secret_t, gpg_secret_t)
|
||||
allow gpg_agent_t gpg_secret_t:dir watch;
|
||||
|
||||
manage_dirs_pattern(gpg_agent_t, gpg_runtime_t, gpg_runtime_t)
|
||||
userdom_user_runtime_filetrans(gpg_agent_t, gpg_runtime_t, dir, "gnupg")
|
||||
allow gpg_agent_t gpg_runtime_t:dir watch;
|
||||
|
||||
manage_dirs_pattern(gpg_agent_t, gpg_agent_tmp_t, gpg_agent_tmp_t)
|
||||
manage_files_pattern(gpg_agent_t, gpg_agent_tmp_t, gpg_agent_tmp_t)
|
||||
|
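Review bot: The two added `allow gpg_agent_t ...:dir watch;` rules, one after the gpg_secret_t manage patterns and one after the gpg_runtime_t filetrans, carry no comment saying why the agent needs inotify on these directories, so a later policy audit has only the commit message to go on. A one-line comment above each would record the reason next to the rule, for example `# gpg-agent places an inotify watch on its home directory` and `# gpg-agent places an inotify watch on its runtime socket directory`. The grant itself is narrow: it adds only `watch` on class `dir`, matching the two AVC denials in the description. Because the domain already manages both directory types, it presumably exposes nothing the agent could not already enumerate. The surrounding rule block starts and ends outside the hunk.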