[refpolicy] apps_gpg.patch

Daniel J Walsh dwalsh at redhat.com
Tue Mar 24 08:18:14 CDT 2009


http://people.fedoraproject.org/~dwalsh/SELinux/F11/apps_gpg.patch

Fix gpg file context for 64 bit platform

Apps send sigkill to gpg as well as signal

gpg gets execed by firefox and thunderbird which leak file descriptors 
like crazy so need to cover this up

gpg needs getcap


Creates /tmp files

Reads kernel sysctl to check fips mode

lists inotify

cals getpw



gpg_helper needs get and setsched

calls getpw
Lists inotify

gpg_t needs to be able to rewrite /tmp files created by thunderbird and 
files in the homedir, in order to sign/encrypt them



More information about the refpolicy mailing list