On Tue, 2004-04-20 at 22:02, Josh Boyer wrote: > Trying to generate a new gpg key fails with the latest policy updates. > Below is the avc: > > audit(1082512578.827:0): avc: denied { read } for pid=2543 > exe=/usr/bin/gpg name=random dev=hda5 ino=267501 > scontext=user_u:user_r:user_gpg_t > tcontext=system_u:object_r:random_device_t tclass=chr_file > > [jwboyer@localhost jwboyer]$ rpm -q policy > policy-1.11.2-9 Try this patch, will be in the next policy.
--- policy-1.11.2/macros/program/gpg_macros.te~ 2004-04-13 19:56:28.000000000 -0400 +++ policy-1.11.2/macros/program/gpg_macros.te 2004-04-20 22:34:54.883836664 -0400 @@ -42,7 +42,7 @@ allow $1_t $1_gpg_secret_t:file getattr; allow $1_gpg_t device_t:dir r_dir_perms; -allow $1_gpg_t urandom_device_t:chr_file r_file_perms; +allow $1_gpg_t { random_device_t urandom_device_t }:chr_file r_file_perms; allow $1_gpg_t etc_t:file r_file_perms;
Attachment:
signature.asc
Description: This is a digitally signed message part