Summary: | sys-apps/portage-2.2.15 - emerge-webrsync can't verify gpg signature | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Amadeusz Sławiński <amade> |
Component: | SELinux | Assignee: | SE Linux Bugs <selinux> |
Status: | RESOLVED FIXED | ||
Severity: | normal | ||
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | sec-policy r2 | ||
Package list: | Runtime testing required: | --- |
Description
Amadeusz Sławiński
2014-12-08 16:47:45 UTC
Sorry, for enforcing should have been this one: Dec 8 17:39:11 maelstrom kernel: [36290.836958] audit: type=1400 audit(1418056751.375:119): avc: denied { search } for pid=53966 comm="gpg" name="portage" dev="dm-0" ino=3146644 scontext=staff_u:sysadm_r:gpg_t tcontext=system_u:object_r:portage_conf_t tclass=dir permissive=0 So it seems like emerge-webrsync was moved to /usr/bin, after changing it's context from bin_t to portage_fetch_exec_t it works. added in commit 2e785432171dbe3d277641b67f95081d7fe5d84e, thanks r2 is in tree, ~arch stable |