From: dwalsh@redhat.com (Daniel J Walsh)
Date: Mon, 19 Jul 2010 14:01:49 -0400
Subject: [refpolicy] apps_gpg.patch
In-Reply-To: <4C448F2E.2000907@tresys.com>
References: <4C06B97E.30807@redhat.com> <4C3344D3.9060808@tresys.com>
	<4C3C58F5.9040700@redhat.com> <4C448F2E.2000907@tresys.com>
Message-ID: <4C44930D.4030305@redhat.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 07/19/2010 01:45 PM, Christopher J. PeBenito wrote:
> On 07/13/10 08:15, Daniel J Walsh wrote:
>> On 07/06/2010 10:59 AM, Christopher J. PeBenito wrote:
>>> On 06/02/10 16:05, Daniel J Walsh wrote:
>>>> http://people.fedoraproject.org/~dwalsh/SELinux/F14/apps_gpg.patch
>>>>
>>>> gpg dontaudit leaks.
>>>
>>> Merged.
>>>
>>>> Added policy so apache can execute gpg
>>>
>>> I don't understand this part.  It seems more like it should be a domain
>>> in the apache module instead.
>>>
>> I guess we could go that way, but you need interfaces including
>> gpg_exec_t.
> 
> How is this used?  Is it run from a CGI script to check the signature or
> (en|de)crypt a file?
> 
Yes and Yes, I think.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkxEkw0ACgkQrlYvE4MpobP5PQCghfRZmBU9jAJKqInOupTCscKj
QbkAoNE0YRTo7HSdry4fyyIG+JGlg+3r
=ObBx
-----END PGP SIGNATURE-----