mirror of
https://github.com/roddhjav/apparmor.d.git
synced 2025-01-18 08:58:15 +01:00
gpg: better integration with gpg* profiles.
parent
e5ce66d1ca
commit
6069cf32a7
2 changed files with 7 additions and 2 deletions
|
@ -12,6 +12,7 @@ profile gpg-agent @{exec_path} {
|
|||
include <abstractions/nameservice-strict>
|
||||
|
||||
signal (receive) peer=pinentry-*,
|
||||
signal (receive) peer=scdaemon,
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
|
@ -23,16 +24,17 @@ profile gpg-agent @{exec_path} {
|
|||
owner @{HOME}/@{XDG_GPG_DIR}/gpg-agent.conf r,
|
||||
owner @{HOME}/@{XDG_GPG_DIR}/private-keys-v1.d/ rw,
|
||||
owner @{HOME}/@{XDG_GPG_DIR}/private-keys-v1.d/[0-9A-F]*.key rw,
|
||||
owner @{HOME}/@{XDG_GPG_DIR}/S.gpg-agent{,.ssh,.browser,.extra} rw,
|
||||
|
||||
owner /var/lib/*/.gnupg/ rw,
|
||||
owner /var/lib/*/.gnupg/private-keys-v1.d/ rw,
|
||||
owner /var/lib/*/.gnupg/private-keys-v1.d/[0-9A-F]*.key rw,
|
||||
owner /var/lib/*/.gnupg/S.gpg-agent rw,
|
||||
owner /var/lib/*/.gnupg/S.gpg-agent{,.ssh,.browser,.extra} rw,
|
||||
|
||||
owner /var/lib/*/gnupg/ rw,
|
||||
owner /var/lib/*/gnupg/private-keys-v1.d/ rw,
|
||||
owner /var/lib/*/gnupg/private-keys-v1.d/[0-9A-F]*.key rw,
|
||||
owner /var/lib/*/gnupg/S.gpg-agent rw,
|
||||
owner /var/lib/*/gnupg/S.gpg-agent{,.ssh,.browser,.extra} rw,
|
||||
|
||||
# For debuild
|
||||
owner /tmp/dpkg-import-key.*/private-keys-v1.d/ w,
|
||||
|
|
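Review bot: The `signal (receive) peer=scdaemon,` rule in the first gpg-agent hunk has no `set=` qualifier, so the agent accepts any signal from a process confined as scdaemon, including `term` and `kill`. The `pinentry-*` rule above it and the matching `signal (send) peer=gpg-agent,` in the scdaemon profile have the same shape. If the only signal intended is the card-event notification that scdaemon sends to the agent (SIGUSR2 in upstream GnuPG, worth confirming), both ends could be narrowed to `signal (receive) set=(usr2) peer=scdaemon,` and `signal (send) set=(usr2) peer=gpg-agent,`. The page has lost its +/- markers, so which of these lines the commit adds is inferred, and the profile body continues outside both hunks.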
|
@ -13,9 +13,12 @@ profile scdaemon @{exec_path} {
|
|||
|
||||
network netlink raw,
|
||||
|
||||
signal (send) peer=gpg-agent,
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
owner @{HOME}/@{XDG_GPG_DIR}/scdaemon.conf r,
|
||||
owner @{HOME}/@{XDG_GPG_DIR}/reader_0.status rw,
|
||||
|
||||
owner @{run}/user/[0-9]*/gnupg/S.scdaemon rw,
|
||||
|
||||
|
|
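Review bot: `owner @{HOME}/@{XDG_GPG_DIR}/reader_0.status rw,` pins the reader index to 0, so a status file for a second reader slot would be denied, assuming scdaemon names these files per slot. A pattern such as `owner @{HOME}/@{XDG_GPG_DIR}/reader_[0-9]*.status rw,` stays owner-scoped and limited to that filename shape while covering further slots. The gpg-agent profile in this commit also covers homes under `/var/lib/*/gnupg/` and `/var/lib/*/.gnupg/`, but no scdaemon path for those is visible in this hunk. The rest of the profile lies outside the hunk, so that may already be handled.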