From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Mon, 19 Jul 2010 13:45:18 -0400
Subject: [refpolicy] apps_gpg.patch
In-Reply-To: <4C3C58F5.9040700@redhat.com>
References: <4C06B97E.30807@redhat.com> <4C3344D3.9060808@tresys.com>
	<4C3C58F5.9040700@redhat.com>
Message-ID: <4C448F2E.2000907@tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 07/13/10 08:15, Daniel J Walsh wrote:
> On 07/06/2010 10:59 AM, Christopher J. PeBenito wrote:
>> On 06/02/10 16:05, Daniel J Walsh wrote:
>>> http://people.fedoraproject.org/~dwalsh/SELinux/F14/apps_gpg.patch
>>>
>>> gpg dontaudit leaks.
>>
>> Merged.
>>
>>> Added policy so apache can execute gpg
>>
>> I don't understand this part.  It seems more like it should be a domain
>> in the apache module instead.
>>
> I guess we could go that way, but you need interfaces including gpg_exec_t.

How is this used?  Is it run from a CGI script to check the signature or 
(en|de)crypt a file?

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com