Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 29887 Details for
Bug 48771
gpg-related policy files
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
macros
gpg_macros.te (text/plain), 2.63 KB, created by
petre rodan (RETIRED)
on 2004-04-23 02:57:47 UTC
(
hide
)
Description:
macros
Filename:
MIME Type:
Creator:
petre rodan (RETIRED)
Created:
2004-04-23 02:57:47 UTC
Size:
2.63 KB
patch
obsolete
># ># Macros for gpg and pgp ># ># Author: Russell Coker <russell@coker.com.au> ># ># based on the work of: ># Stephen Smalley <sds@epoch.ncsc.mil> and Timothy Fraser ># > ># ># gpg_domain(domain_prefix) ># ># Define a derived domain for the gpg/pgp program when executed by ># a user domain. ># ># The type declaration for the executable type for this program is ># provided separately in domains/program/gpg.te. ># >define(`gpg_domain', ` ># Derived domain based on the calling user domain and the program. >type $1_gpg_t, domain, privlog; ># Transition from the user domain to the derived domain. >domain_auto_trans($1_t, gpg_exec_t, $1_gpg_t) > >can_network($1_gpg_t) > ># for a bug in kmail >dontaudit $1_gpg_t $1_t:unix_stream_socket { read write }; > ># The user role is authorized for this domain. >role $1_r types $1_gpg_t; > >type $1_gpg_secret_t, file_type, sysadmfile; > >allow $1_t $1_gpg_secret_t:file getattr; > >allow $1_gpg_t device_t:dir r_dir_perms; >allow $1_gpg_t random_device_t:chr_file r_file_perms; > >allow $1_gpg_t { etc_t resolv_conf_t }:file r_file_perms; > >allow $1_gpg_t self:unix_stream_socket create_stream_socket_perms; >allow $1_gpg_t self:tcp_socket create_stream_socket_perms; > >allow $1_gpg_t { $1_devpts_t $1_tty_device_t }:chr_file rw_file_perms; >ifdef(`gnome-pty-helper.te', `allow $1_gpg_t $1_gph_t:fd use;') >allow $1_gpg_t privfd:fd use; > ># Inherit and use descriptors >allow $1_gpg_t $1_t:fd use; >allow $1_gpg_t $1_t:process sigchld; >allow { $1_t $1_gpg_t } $1_gpg_t:process signal; > ># allow ps to show gpg >allow $1_t $1_gpg_t:dir { search getattr read }; >allow $1_t $1_gpg_t:{ file lnk_file } { read getattr }; > >uses_shlib($1_gpg_t) > ># should not need read access... >allow $1_gpg_t home_root_t:dir { read search }; > ># use $1_gpg_secret_t for files it creates ># NB we are doing the type transition for directory creation only! ># so ~/.gnupg will be of $1_gpg_secret_t, then files created under it such as ># secring.gpg will be of $1_gpg_secret_t too. But when you use gpg to decrypt ># a file and write output to your home directory it will use user_home_t. >file_type_auto_trans($1_gpg_t, $1_home_dir_t, $1_gpg_secret_t, dir) >rw_dir_create_file($1_gpg_t, $1_gpg_secret_t) > >file_type_auto_trans($1_gpg_t, $1_home_dir_t, $1_home_t, file) >create_dir_file($1_gpg_t, $1_home_t) > ># allow the usual access to /tmp >file_type_auto_trans($1_gpg_t, tmp_t, $1_tmp_t) > >allow $1_gpg_t self:capability { ipc_lock setuid }; >allow $1_gpg_t devtty_t:chr_file rw_file_perms; > >allow $1_gpg_t { etc_t usr_t }:dir r_dir_perms; >allow $1_gpg_t fs_t:filesystem getattr; >allow $1_gpg_t usr_t:file r_file_perms; >read_locale($1_gpg_t) >allow $1_t $1_gpg_secret_t:dir rw_dir_perms; > >dontaudit $1_gpg_t var_t:dir search; >')
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=29887">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 48771
:
29885
|
29886
| 29887 |
29888
