mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2025-01-31 07:17:22 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

gpg: better integration with gpg* profiles.

Browse source
This commit is contained in:
Alexandre Pujol 2021-04-02 10:49:27 +01:00
parent e5ce66d1ca
commit 6069cf32a7
Failed to generate hash of commit
2 changed files with 7 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
apparmor.d/groups/gpg/gpg-agent
View file

@ -12,6 +12,7 @@ profile gpg-agent @{exec_path} {
include <abstractions/nameservice-strict> include <abstractions/nameservice-strict>
signal (receive) peer=pinentry-*, signal (receive) peer=pinentry-*,
signal (receive) peer=scdaemon,
@{exec_path} mr, @{exec_path} mr,
@ -23,16 +24,17 @@ profile gpg-agent @{exec_path} {
owner @{HOME}/@{XDG_GPG_DIR}/gpg-agent.conf r, owner @{HOME}/@{XDG_GPG_DIR}/gpg-agent.conf r,
owner @{HOME}/@{XDG_GPG_DIR}/private-keys-v1.d/ rw, owner @{HOME}/@{XDG_GPG_DIR}/private-keys-v1.d/ rw,
owner @{HOME}/@{XDG_GPG_DIR}/private-keys-v1.d/[0-9A-F]*.key rw, owner @{HOME}/@{XDG_GPG_DIR}/private-keys-v1.d/[0-9A-F]*.key rw,
owner @{HOME}/@{XDG_GPG_DIR}/S.gpg-agent{,.ssh,.browser,.extra} rw,
owner /var/lib/*/.gnupg/ rw, owner /var/lib/*/.gnupg/ rw,
owner /var/lib/*/.gnupg/private-keys-v1.d/ rw, owner /var/lib/*/.gnupg/private-keys-v1.d/ rw,
owner /var/lib/*/.gnupg/private-keys-v1.d/[0-9A-F]*.key rw, owner /var/lib/*/.gnupg/private-keys-v1.d/[0-9A-F]*.key rw,
owner /var/lib/*/.gnupg/S.gpg-agent rw, owner /var/lib/*/.gnupg/S.gpg-agent{,.ssh,.browser,.extra} rw,
owner /var/lib/*/gnupg/ rw, owner /var/lib/*/gnupg/ rw,
owner /var/lib/*/gnupg/private-keys-v1.d/ rw, owner /var/lib/*/gnupg/private-keys-v1.d/ rw,
owner /var/lib/*/gnupg/private-keys-v1.d/[0-9A-F]*.key rw, owner /var/lib/*/gnupg/private-keys-v1.d/[0-9A-F]*.key rw,
owner /var/lib/*/gnupg/S.gpg-agent rw, owner /var/lib/*/gnupg/S.gpg-agent{,.ssh,.browser,.extra} rw,
# For debuild # For debuild
owner /tmp/dpkg-import-key.*/private-keys-v1.d/ w, owner /tmp/dpkg-import-key.*/private-keys-v1.d/ w,

3
apparmor.d/groups/gpg/scdaemon
View file

@ -13,9 +13,12 @@ profile scdaemon @{exec_path} {
network netlink raw, network netlink raw,
signal (send) peer=gpg-agent,
@{exec_path} mr, @{exec_path} mr,
owner @{HOME}/@{XDG_GPG_DIR}/scdaemon.conf r, owner @{HOME}/@{XDG_GPG_DIR}/scdaemon.conf r,
owner @{HOME}/@{XDG_GPG_DIR}/reader_0.status rw,
owner @{run}/user/[0-9]*/gnupg/S.scdaemon rw, owner @{run}/user/[0-9]*/gnupg/S.scdaemon rw,