From: Jason Zaman
To: selinux-refpolicy@vger.kernel.org
Cc: Jason Zaman
Subject: [PATCH 5/9] dirmngr: accept unix stream socket
Date: Tue, 24 Dec 2019 18:10:39 +0800
Message-Id: <20191224101043.58122-5-jason@perfinion.com>
X-Mailer: git-send-email 2.24.1
In-Reply-To: <20191224101043.58122-1-jason@perfinion.com>
References: <20191224101043.58122-1-jason@perfinion.com>
X-Mailing-List: selinux-refpolicy@vger.kernel.org

dirmngr needs to listen and accept on /run/user/1000/gnupg/S.dirmngr

type=AVC msg=audit(1554175286.968:2720907): avc: denied { accept } for pid=15692 comm="dirmngr" path="/run/user/1000/gnupg/S.dirmngr" scontext=staff_u:staff_r:dirmngr_t:s0-s0:c0.c1023 tcontext=staff_u:staff_r:dirmngr_t:s0-s0:c0.c1023 tclass=unix_stream_socket permissive=0

Signed-off-by: Jason Zaman

--- policy/modules/services/dirmngr.te | 1 + 1 file changed, 1 insertion(+) diff --git a/policy/modules/services/dirmngr.te b/policy/modules/services/dirmngr.te index 056cd97b..e34295e7 100644 --- a/policy/modules/services/dirmngr.te +++ b/policy/modules/services/dirmngr.te
@@ -37,6 +37,7 @@ userdom_user_home_content(dirmngr_home_t) # allow dirmngr_t self:fifo_file rw_file_perms; +allow dirmngr_t self:unix_stream_socket rw_stream_socket_perms; allow dirmngr_t dirmngr_conf_t:dir list_dir_perms; allow dirmngr_t dirmngr_conf_t:file read_file_perms; -- 2.24.1
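Review bot: The added rule `allow dirmngr_t self:unix_stream_socket rw_stream_socket_perms;` grants more than the commit message justifies: the quoted AVC shows only `{ accept }` denied and the description names only listen and accept, while `rw_stream_socket_perms` also carries the general read/write socket permissions. If those are already allowed elsewhere in dirmngr.te, narrow this to `allow dirmngr_t self:unix_stream_socket { listen accept };`; if the full set is intended, say so in the commit message. The denial was logged with permissive=0, so it may be only the first of several, and a permissive-mode run would show which permissions on the socket are actually needed.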