-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 06/06/2011 09:23 PM, Christoph A. wrote: > On 06/04/2011 03:10 AM, Christoph A. wrote: >> "Could not start the gpg-agent program which is needed for you GnuPG >> version denied." > > starting thunderbird with gpg-agent like this: > sandbox -X -t sandbox_net_t -H tb gpg-agent --daemon thunderbird > > seams to solve the first error. > > Next error: > Error - encryption command failed > /usr/bin/gpg --charset utf8 .... --list-secret-keys > gpg: fatal: can't disable core dumps: Permission denied > secmem usage: 0/0 bytes in 0/0 blocks of pool 0/0 > > getsebool -a|grep -i dump > allow_daemons_dump_core --> on > > So gpg is not allowed to disable coredumps. > Is this a policy bug? > (no AVCs) > How can I allow gpg to disable core dumps? something similar to [1] is probably needed for sandbox_net_t too. allow sandbox_net_t self:process setrlimit; correct? [1] https://bugzilla.redhat.com/show_bug.cgi?id=610812 -----BEGIN PGP SIGNATURE----- iEYEAREKAAYFAk3tKz0ACgkQrq+riTAIEg0YLQCfTVUzlPIwdjGwhkkiiN/fPrQs NY0AoImxlny2TIZ7f5Ts4E95EhNmCUZc =SCQv -----END PGP SIGNATURE----- -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
