From: nicolas.iooss@m4x.org (Nicolas Iooss)
Date: Thu, 27 Oct 2016 09:59:53 +0200
Subject: [refpolicy] [PATCH 2/4] gpg: add new socket paths
In-Reply-To: <1477502361-20223-2-git-send-email-jason@perfinion.com>
References: <1477502361-20223-1-git-send-email-jason@perfinion.com> <1477502361-20223-2-git-send-email-jason@perfinion.com>
Message-ID:
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Wed, Oct 26, 2016 at 7:19 PM, Jason Zaman via refpolicy <refpolicy@oss.tresys.com> wrote:

> GPG 2.1 has sockets in /run/user/UID/gnupg/ and
> ~/.gnupg/S.gpg-agent{,.ssh}.
>
> also allow pinentry to dbus chat gkeyring
> ---
> gpg.fc | 4 ++++
> gpg.if | 4 ++++
> gpg.te | 8 ++++++++
> 3 files changed, 16 insertions(+)
>
> diff --git a/gpg.fc b/gpg.fc > index 888cd2c..dcd6a16 100644 > --- a/gpg.fc > +++ b/gpg.fc > @@ -1,5 +1,7 @@ > HOME_DIR/\.gnupg(/.+)? gen_context(system_u:object_r:gpg_secret_t,s0) > HOME_DIR/\.gnupg/log-socket -s gen_context(system_u:object_r: > gpg_agent_tmp_t,s0) > +HOME_DIR/\.gnupg/S.gpg-agent -s gen_context(system_u:object_r: > gpg_agent_tmp_t,s0) > +HOME_DIR/\.gnupg/S.gpg-agent.ssh -s gen_context(system_u:object_r: > gpg_agent_tmp_t,s0)
>

Hi,

In these file patterns you might want to escape the dots with backslashes so that they only match S.gpg-agent{,.ssh} and not files which have any character where the dots are in the pattern.

Otherwise the patches look good to me.

Nicolas
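
Review bot: The two added gpg.fc entries leave the dots in S.gpg-agent and S.gpg-agent.ssh unescaped, although \.gnupg on the same lines is escaped. File context paths are regular expressions, so each bare dot matches any character. Suggest HOME_DIR/\.gnupg/S\.gpg-agent and HOME_DIR/\.gnupg/S\.gpg-agent\.ssh. The -s specifier limits the over-match to sockets, but a differently named socket under .gnupg that happens to fit the pattern would be labelled gpg_agent_tmp_t instead of falling through to the gpg_secret_t default on the first line of the hunk.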
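
The point raised in the reply above, as an added example (not part of the original message or of refpolicy): a small Python check that flags unescaped dots in file-context path patterns, suggests the escaped form and shows the over-match. The function names, the sample home directory /home/alice and the rejoined sample entries are assumptions made for the illustration.

```python
import re

# Constructed sample: the gpg.fc entries from the quoted hunk, with the
# mail-wrapped lines joined back together.
SAMPLE_FC = r"""
HOME_DIR/\.gnupg(/.+)?  gen_context(system_u:object_r:gpg_secret_t,s0)
HOME_DIR/\.gnupg/log-socket  -s  gen_context(system_u:object_r:gpg_agent_tmp_t,s0)
HOME_DIR/\.gnupg/S.gpg-agent  -s  gen_context(system_u:object_r:gpg_agent_tmp_t,s0)
HOME_DIR/\.gnupg/S.gpg-agent.ssh  -s  gen_context(system_u:object_r:gpg_agent_tmp_t,s0)
"""

def bare_dots(pattern):
    """Indexes of '.' that are unescaped, outside [...] and not quantified."""
    hits, i, in_class = [], 0, False
    while i < len(pattern):
        c = pattern[i]
        if c == "\\":          # escaped character: skip both
            i += 2
            continue
        if c == "[":
            in_class = True
        elif c == "]":
            in_class = False
        elif c == "." and not in_class:
            nxt = pattern[i + 1:i + 2]
            if nxt == "" or nxt not in "*+?{":   # '.+' etc. is a deliberate wildcard
                hits.append(i)
        i += 1
    return hits

def escape_dots(pattern):
    """Suggested fix: backslash before every bare dot."""
    out = list(pattern)
    for i in reversed(bare_dots(pattern)):
        out.insert(i, "\\")
    return "".join(out)

def lint(fc_text):
    """Return (pattern, suggestion) for each entry whose path has bare dots."""
    findings = []
    for line in fc_text.splitlines():
        fields = line.split()
        if fields and not fields[0].startswith("#") and bare_dots(fields[0]):
            findings.append((fields[0], escape_dots(fields[0])))
    return findings

def matches(pattern, path, home="/home/alice"):
    """Whole-path match after expanding HOME_DIR (home is a sample value)."""
    return re.fullmatch(pattern.replace("HOME_DIR", home), path) is not None

if __name__ == "__main__":
    for old, new in lint(SAMPLE_FC):
        print(f"{old}\n  -> {new}")
```

The quantifier check is a heuristic: it treats `.+`, `.*`, `.?` and `.{` as intended wildcards and reports every other bare dot for a human to confirm.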