-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 06/06/2011 12:11 PM, Christoph A. wrote: > On 06/06/2011 05:33 PM, Daniel J Walsh wrote: >> What avc are you seeing. Most likely we should just allow the access. > > Is sandbox_net_t allowed to access/execute gpg_agent_exec_t and > gpg_exec_t files? > > ll -Z `which gpg-agent ` > -rwxr-xr-x. root root system_u:object_r:gpg_agent_exec_t:s0 > /usr/bin/gpg-agent > > ll -Z `which gpg ` > -rwxr-xr-x. root root system_u:object_r:gpg_exec_t:s0 /usr/bin/gpg - -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux Yes sesearch -A -s sandbox_net_t -t gpg_exec_t WARNING: Policy would be downgraded from version 26 to 25. Found 3 semantic av rules: allow sandbox_x_domain file_type : file entrypoint ; allow sandbox_x_domain exec_type : file { ioctl read getattr lock execute execute_no_trans open } ; allow sandbox_x_domain exec_type : lnk_file { read getattr } ; sesearch -A -s sandbox_net_t -t gpg_agent_exec_t WARNING: Policy would be downgraded from version 26 to 25. Found 3 semantic av rules: allow sandbox_x_domain file_type : file entrypoint ; allow sandbox_x_domain exec_type : file { ioctl read getattr lock execute execute_no_trans open } ; allow sandbox_x_domain exec_type : lnk_file { read getattr } ; -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAk3tFkoACgkQrlYvE4MpobNbtACfdEzrIHJFF6mlnRQIE0ncynpv 9nwAnR4bCkes5ZXCxxOAT19po8kV4IG4 =z+2F -----END PGP SIGNATURE----- -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
