From: guido@trentalancia.net (Guido Trentalancia) Date: Fri, 02 Sep 2016 13:26:42 +0200 Subject: [refpolicy] [PATCH] gpg: public key signature verification in evolution In-Reply-To: References: <1472737946.17989.0.camel@trentalancia.net> <7958812d-93fe-ded7-fb23-6d02c150bcb3@ieee.org> Message-ID: <1472815602.23008.8.camel@trentalancia.net> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com Hello Dominick. On Fri, 02/09/2016 at 10.48 +0200, Dominick Grift via refpolicy wrote: > On 09/02/2016 01:26 AM, Chris PeBenito via refpolicy wrote: > > > > On 09/01/16 09:52, Guido Trentalancia via refpolicy wrote: > > > > > > Let gpg verify public key signatures in the evolution mail client > > > application. > > > > > > Signed-off-by: Guido Trentalancia > > > --- > > > ?policy/modules/contrib/evolution.if |???21 +++++++++++++++++++++ > > > ?policy/modules/contrib/gpg.te???????|????4 ++++ > > > ?2 files changed, 25 insertions(+) > > > > > > --- refpolicy-git-06082016- > > > orig/policy/modules/contrib/evolution.if 2016-08-06 > > > 21:27:11.349094280 +0200 > > > +++ refpolicy-git-06082016/policy/modules/contrib/evolution.if > > > 2016-09-01 15:33:27.072148930 +0200 > > > @@ -128,6 +128,27 @@ interface(`evolution_stream_connect',` > > > > > > ?######################################## > > > ?## > > > +## Read evolution orbit temporary > > > +## files. > > > +## > > > +## > > > +## > > > +## Domain allowed access. > > > +## > > > +## > > > +# > > > +interface(`evolution_read_orbit_tmp_t',` > > > > evolution_read_orbit_tmp_files() > > > > > > You dont have to mention "orbit" at all. There are only sockets in > orbit, and push comes to show that's just a evolution socket. This > file > is outside of orbit and so it have nothing to do with orbit > > so i would just use evolution_read_tmp_files() > > however eventually it probably need rw instead of r, For example when > you sign emails. Let's try to sign this message and see if it also requires write permissions... Guido -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 213 bytes Desc: This is a digitally signed message part Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20160902/8b95c9e6/attachment-0001.bin