From: aranea@aixah.de (Luis Ressel)
Date: Sun, 11 Dec 2016 20:55:30 +0100
Subject: [refpolicy] [PATCH 3/3] Policy for gpg's dirmngr
In-Reply-To: <6f7e52bb-668b-0d6b-de45-8a490488a4ae@ieee.org>
References: <20161209181423.29820-1-aranea@aixah.de>
	<20161209181423.29820-3-aranea@aixah.de>
	<6f7e52bb-668b-0d6b-de45-8a490488a4ae@ieee.org>
Message-ID: <20161211205530.5194a7af@gentp.lnet>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Sun, 11 Dec 2016 14:27:56 -0500
Chris PeBenito via refpolicy <refpolicy@oss.tresys.com> wrote:

> On 12/09/16 13:14, Luis Ressel via refpolicy wrote:
> > GnuPG 2.1 uses a separate dirmngr process for retrieving keys from a
> > keyserver.
> >
> > This policy may be lacking permissions for some of dirmngr's
> > features I don't use, such as key retrieval via http or ldap and
> > OCSP lookups.  
> 
> How does this relate to the existing dirmngr module?  There is a 
> conflict in the /usr/bin/dirmngr labeling.

WHOOOPS, I hadn't noticed the dirmngr module. Looks like dirmngr was
originally a separate program, which has only been bundled with gnupg
since gnupg 2.1. Thanks for noticing!

I'll go over the dirmngr module and check if it provides all
permissions required by gnupg 2.1's dirmngr. (And I obviously retract
this patch.)

Regards,
Luis