Created attachment 541808 [details] policy that fixes it refpol will deny dirmngr_t (gpg --recv-key) to bind udp sockets on unreserved port, which it seems to need to recv/send keys It will also deny the creation of a dirmngr socket under the assumption that XDG_RUNTIME_DIR is present/set, which gnupg does not seem to require See attached my local policy which fixes the issues and makes it work on non-systemd/non-consolekit systems The attached AVC is still present but does not seem to affect functionality
Created attachment 541810 [details] local policy fcontexts
Created attachment 541812 [details] Remaining AVC
Created attachment 541814 [details] Original AVC
Affected versions <=sec-policy/selinux-gpg-20180701-r1