From: dwalsh@redhat.com (Daniel J Walsh)
Date: Tue, 13 Jul 2010 08:15:49 -0400
Subject: [refpolicy] apps_gpg.patch
In-Reply-To: <4C3344D3.9060808@tresys.com>
References: <4C06B97E.30807@redhat.com> <4C3344D3.9060808@tresys.com>
Message-ID: <4C3C58F5.9040700@redhat.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 07/06/2010 10:59 AM, Christopher J. PeBenito wrote:
> On 06/02/10 16:05, Daniel J Walsh wrote:
>> http://people.fedoraproject.org/~dwalsh/SELinux/F14/apps_gpg.patch
>>
>> gpg dontaudit leaks.
> 
> Merged.
> 
>> Added policy so apache can execute gpg
> 
> I don't understand this part.  It seems more like it should be a domain
> in the apache module instead.
> 
I guess we could go that way, but you need interfaces including gpg_exec_t.