From: mgrepl@redhat.com (Miroslav Grepl)
To: refpolicy@oss.tresys.com
Subject: [refpolicy] apps_gpg.patch
Date: Tue, 20 Jul 2010 08:49:54 +0200 [thread overview]
Message-ID: <4C454712.2090700@redhat.com> (raw)
In-Reply-To: <4C44930D.4030305@redhat.com>
On 07/19/2010 08:01 PM, Daniel J Walsh wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 07/19/2010 01:45 PM, Christopher J. PeBenito wrote:
>
>> On 07/13/10 08:15, Daniel J Walsh wrote:
>>
>>> On 07/06/2010 10:59 AM, Christopher J. PeBenito wrote:
>>>
>>>> On 06/02/10 16:05, Daniel J Walsh wrote:
>>>>
>>>>> http://people.fedoraproject.org/~dwalsh/SELinux/F14/apps_gpg.patch
>>>>>
>>>>> gpg dontaudit leaks.
>>>>>
>>>> Merged.
>>>>
>>>>
>>>>> Added policy so apache can execute gpg
>>>>>
>>>> I don't understand this part. It seems more like it should be a domain
>>>> in the apache module instead.
>>>>
>>>>
>>> I guess we could go that way, but you need interfaces including
>>> gpg_exec_t.
>>>
>> How is this used? Is it run from a CGI script to check the signature or
>> (en|de)crypt a file?
>>
>>
Yes, it is run from a CGI script to check the signature or (en|de)crypt
a file. Related bug #562083.
We also added the following change
optional_policy(`
tunable_policy(`httpd_enable_cgi && httpd_use_gpg',`
- gpg_domtrans(httpd_t)
+ gpg_domtrans_web(httpd_t)
')
')
Regards,
Miroslav
> Yes and Yes, I think.
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.14 (GNU/Linux)
> Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAkxEkw0ACgkQrlYvE4MpobP5PQCghfRZmBU9jAJKqInOupTCscKj
> QbkAoNE0YRTo7HSdry4fyyIG+JGlg+3r
> =ObBx
> -----END PGP SIGNATURE-----
>
next prev parent reply other threads:[~2010-07-20 6:49 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-06-02 20:05 [refpolicy] apps_gpg.patch Daniel J Walsh
2010-07-06 14:59 ` Christopher J. PeBenito
2010-07-13 12:15 ` Daniel J Walsh
2010-07-19 17:45 ` Christopher J. PeBenito
2010-07-19 18:01 ` Daniel J Walsh
2010-07-20 6:49 ` Miroslav Grepl [this message]
-- strict thread matches above, loose matches on Subject: below --
2010-08-26 22:37 Daniel J Walsh
2010-02-23 19:24 Daniel J Walsh
2009-11-12 20:45 Daniel J Walsh
2009-12-01 15:32 ` Christopher J. PeBenito
2009-08-28 20:06 Daniel J Walsh
2009-09-03 12:23 ` Christopher J. PeBenito
2009-05-21 14:58 Daniel J Walsh
2009-07-21 14:11 ` Christopher J. PeBenito
2009-03-24 13:18 Daniel J Walsh
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4C454712.2090700@redhat.com \
--to=mgrepl@redhat.com \
--cc=refpolicy@oss.tresys.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.