Changeset 2681
- Timestamp: 05/12/08 15:05:32
- Author: pebenito
- Message:
trunk: Patch to allow gpg agent --write-env-file option from Vaclav Ovsik.
| r2674 |
r2681 |
|
| | 1 | - Patch to allow gpg agent --write-env-file option from Vaclav Ovsik. |
|---|
| 1 | 2 | - X application data class from Eamon Walsh and Ted Toth. |
|---|
| 2 | 3 | - Move user roles into individual modules. |
|---|
| r2372 |
r2681 |
|
| 208 | 208 | allow $1_gpg_agent_t self:fifo_file rw_fifo_file_perms; |
|---|
| 209 | 209 | |
|---|
| | 210 | # Allow the gpg-agent to manage its tmp files (socket) |
|---|
| | 211 | manage_dirs_pattern($1_gpg_agent_t,$1_gpg_agent_tmp_t,$1_gpg_agent_tmp_t) |
|---|
| | 212 | manage_files_pattern($1_gpg_agent_t,$1_gpg_agent_tmp_t,$1_gpg_agent_tmp_t) |
|---|
| | 213 | manage_sock_files_pattern($1_gpg_agent_t,$1_gpg_agent_tmp_t,$1_gpg_agent_tmp_t) |
|---|
| | 214 | files_tmp_filetrans($1_gpg_agent_t, $1_gpg_agent_tmp_t, { file sock_file dir }) |
|---|
| | 215 | |
|---|
| 210 | 216 | # read and write ~/.gnupg (gpg-agent stores secret keys in ~/.gnupg/private-keys-v1.d ) |
|---|
| 211 | 217 | manage_dirs_pattern($1_gpg_agent_t,$1_gpg_secret_t,$1_gpg_secret_t) |
|---|
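Review bot: the comment at new line 210 says "tmp files (socket)", but new lines 211-214 grant the agent manage on dirs, regular files and sock files, plus a filetrans for `{ file sock_file dir }` (carried over from old line 227). If the agent only creates a socket and the directory that holds it, drop `manage_files_pattern` and `file` from the class set; if regular files are needed, name them in the comment so the grant can be audited later.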
| … | … | |
| 220 | 226 | |
|---|
| 221 | 227 | # Allow the user shell to signal the gpg-agent program. |
|---|
| 222 | | allow $2 $1_gpg_agent_t:process { signal sigkill }; |
|---|
| 223 | | |
|---|
| | 228 | allow $2 $1_gpg_agent_t:process { signal sigkill signull }; |
|---|
| | 229 | |
|---|
| | 230 | # Allow the user to manage gpg-agent tmp files (socket) |
|---|
| 224 | 231 | manage_dirs_pattern($2,$1_gpg_agent_tmp_t,$1_gpg_agent_tmp_t) |
|---|
| 225 | 232 | manage_files_pattern($2,$1_gpg_agent_tmp_t,$1_gpg_agent_tmp_t) |
|---|
| 226 | 233 | manage_sock_files_pattern($2,$1_gpg_agent_tmp_t,$1_gpg_agent_tmp_t) |
|---|
| 227 | | files_tmp_filetrans($1_gpg_agent_t, $1_gpg_agent_tmp_t, { file sock_file dir }) |
|---|
| 228 | 234 | |
|---|
| 229 | 235 | # Transition from the user domain to the derived domain. |
|---|
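Review bot: new line 228 adds `signull` to the user-to-agent process permissions, but the comment above it still only says the user shell may signal the agent. Add a few words on why the null signal is needed (it is the permission checked for an existence probe, kill with signal 0), so the reason for the wider set is recorded next to the rule. Removing `files_tmp_filetrans($1_gpg_agent_t, ...)` from this user-side block looks right, since its source is the agent domain and not `$2`.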
| … | … | |
| 243 | 249 | # read and write ~/.gnupg (gpg-agent stores secret keys in ~/.gnupg/private-keys-v1.d ) |
|---|
| 244 | 250 | userdom_search_user_home_dirs($1,$1_gpg_agent_t) |
|---|
| | 251 | |
|---|
| | 252 | tunable_policy(`gpg_agent_env_file',` |
|---|
| | 253 | # write ~/.gpg-agent-info or a similar to the users home dir |
|---|
| | 254 | # or subdir (gpg-agent --write-env-file option) |
|---|
| | 255 | # |
|---|
| | 256 | userdom_user_home_dir_filetrans_user_home_content($1,$1_gpg_agent_t,file) |
|---|
| | 257 | userdom_manage_user_home_content_dirs($1,$1_gpg_agent_t) |
|---|
| | 258 | userdom_manage_user_home_content_files($1,$1_gpg_agent_t) |
|---|
| | 259 | ') |
|---|
| 245 | 260 | |
|---|
| 246 | 261 | tunable_policy(`use_nfs_home_dirs',` |
|---|
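Review bot: inside the `gpg_agent_env_file` block (new lines 256-258) the agent gets manage on all user home content dirs and files, although the stated purpose is writing one file such as ~/.gpg-agent-info. This is the domain that handles the secret keys under ~/.gnupg, so consider a dedicated type for the env file with a filetrans to it instead of `userdom_manage_user_home_content_files($1,$1_gpg_agent_t)`; at minimum the comment should say that the grant covers all user home content. The wording "or a similar" at new line 253 also looks like a leftover word.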
| r2553 |
r2681 |
|
| 1 | 1 | |
|---|
| 2 | | policy_module(gpg, 1.5.0) |
|---|
| | 2 | policy_module(gpg, 1.5.1) |
|---|
| 3 | 3 | |
|---|
| 4 | 4 | ######################################## |
|---|
| … | … | |
| 6 | 6 | # Declarations |
|---|
| 7 | 7 | # |
|---|
| | 8 | |
|---|
| | 9 | ## <desc> |
|---|
| | 10 | ## <p> |
|---|
| | 11 | ## Allow usage of the gpg-agent --write-env-file option. |
|---|
| | 12 | ## This also allows gpg-agent to manage user files. |
|---|
| | 13 | ## </p> |
|---|
| | 14 | ## </desc> |
|---|
| | 15 | gen_tunable(gpg_agent_env_file, false) |
|---|
| 8 | 16 | |
|---|
| 9 | 17 | # Type for gpg or pgp executables. |
|---|
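Review bot: the description at new lines 11-12 says the tunable lets gpg-agent "manage user files", but the rules it gates in the interface also cover user home content directories and a home-directory file transition. Spell that out in the `<desc>` text, since this is what an administrator reads before turning the boolean on. Defaulting it to `false` in `gen_tunable(gpg_agent_env_file, false)` is the right choice.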