mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2025-02-20 08:55:34 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat(profiles): gpg -> gpg{,2}

Browse source
This commit is contained in:
Alexandre Pujol 2023-02-04 19:02:47 +00:00
parent 8dca20c5c6
commit e9d61fb7d9
Failed to generate hash of commit
33 changed files with 62 additions and 61 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
apparmor.d/groups/apps/android-studio
View file

@ -74,7 +74,7 @@ profile android-studio @{exec_path} {
/{usr/,}bin/git rPx,
/{usr/,}bin/lsb_release rCx -> lsb-release,
/{usr/,}bin/gpg rCx -> gpg,
/{usr/,}bin/gpg{,2} rCx -> gpg,
/{usr/,}bin/xdg-open rCx -> open,
/{usr/,}lib/jvm/java-[0-9]*-openjdk-*/jre/bin/* rix,
@ -222,7 +222,7 @@ profile android-studio @{exec_path} {
profile gpg {
include <abstractions/base>
/{usr/,}bin/gpg mr,
/{usr/,}bin/gpg{,2} mr,
owner @{HOME}/@{XDG_GPG_DIR}/ rw,
owner @{HOME}/@{XDG_GPG_DIR}/** rwkl -> @{HOME}/@{XDG_GPG_DIR}/**,

4
apparmor.d/groups/apps/atom
View file

@ -73,7 +73,7 @@ profile atom @{exec_path} {
/{usr/,}bin/git rPx,
# Needed to sign commits
/{usr/,}bin/gpg rCx -> gpg,
/{usr/,}bin/gpg{,2} rCx -> gpg,
# /home/ r,
# Reading of the user home dir is required or the following error will be printed:
@ -150,7 +150,7 @@ profile atom @{exec_path} {
include <abstractions/fonts>
include <abstractions/fontconfig-cache-read>
/{usr/,}bin/gpg mr,
/{usr/,}bin/gpg{,2} mr,
owner @{HOME}/@{XDG_GPG_DIR}/ rw,
owner @{HOME}/@{XDG_GPG_DIR}/** rwkl -> @{HOME}/@{XDG_GPG_DIR}/**,

2
apparmor.d/groups/apps/code
View file

@ -52,7 +52,7 @@ profile code @{exec_path} {
/{usr/,}bin/git rPUx,
# Needed to sign commits
/{usr/,}bin/gpg rPUx -> gpg,
/{usr/,}bin/gpg{,2} rPUx,
# /home/ r,
# Reading of the user home dir is required or the following error will be printed:

4
apparmor.d/groups/apps/thunderbird
View file

@ -213,7 +213,7 @@ profile thunderbird @{exec_path} {
/usr/share/xul-ext/enigmail/{,**} r,
/{usr/,}bin/gpgconf rCx -> gpg,
/{usr/,}bin/gpg-connect-agent rCx -> gpg,
/{usr/,}bin/gpg rCx -> gpg,
/{usr/,}bin/gpg{,2} rCx -> gpg,
/{usr/,}bin/gpgsm rCx -> gpg,
# Allowed apps to open
@ -239,7 +239,7 @@ profile thunderbird @{exec_path} {
network netlink raw,
/{usr/,}bin/gpgconf mr,
/{usr/,}bin/gpg mr,
/{usr/,}bin/gpg{,2} mr,
/{usr/,}bin/gpg-connect-agent mr,
/{usr/,}bin/gpgsm mr,
/{usr/,}bin/gpg-agent rix,

4
apparmor.d/groups/apt/apt-key
View file

@ -35,7 +35,7 @@ profile apt-key @{exec_path} {
/{usr/,}bin/wc rix,
/{usr/,}bin/gpgconf rCx -> gpg,
/{usr/,}bin/gpg rCx -> gpg,
/{usr/,}bin/gpg{,2} rCx -> gpg,
# Do not strip env to avoid errors like the following:
# ERROR: ld.so: object 'libfakeroot-sysv.so' from LD_PRELOAD cannot be preloaded (cannot open
@ -67,7 +67,7 @@ profile apt-key @{exec_path} {
network inet stream,
network inet6 stream,
/{usr/,}bin/gpg mr,
/{usr/,}bin/gpg{,2} mr,
/{usr/,}bin/gpgconf mr,
/{usr/,}bin/dirmngr rix,

2
apparmor.d/groups/apt/debsign
View file

@ -48,7 +48,7 @@ profile debsign @{exec_path} {
profile gpg {
include <abstractions/base>
/{usr/,}bin/gpg mr,
/{usr/,}bin/gpg{,2} mr,
owner @{HOME}/@{XDG_GPG_DIR}/ r,
owner @{HOME}/@{XDG_GPG_DIR}/** rwkl -> @{HOME}/@{XDG_GPG_DIR}/**,

4
apparmor.d/groups/apt/reportbug
View file

@ -62,7 +62,7 @@ profile reportbug @{exec_path} {
/{usr/,}bin/xdg-open rCx -> open,
/{usr/,}bin/run-parts rCx -> run-parts,
/{usr/,}bin/gpg rCx -> gpg,
/{usr/,}bin/gpg{,2} rCx -> gpg,
# For sending additional information
/etc/** r,
@ -113,7 +113,7 @@ profile reportbug @{exec_path} {
profile gpg {
include <abstractions/base>
/{usr/,}bin/gpg mr,
/{usr/,}bin/gpg{,2} mr,
owner @{HOME}/@{XDG_GPG_DIR}/ rw,
owner @{HOME}/@{XDG_GPG_DIR}/** rwkl -> @{HOME}/@{XDG_GPG_DIR}/**,

4
apparmor.d/groups/cron/cron-popularity-contest
View file

@ -30,7 +30,7 @@ profile cron-popularity-contest @{exec_path} {
/{usr/,}sbin/getcap rix,
/usr/share/popularity-contest/popcon-upload rCx -> popcon-upload,
/{usr/,}bin/gpg rCx -> gpg,
/{usr/,}bin/gpg{,2} rCx -> gpg,
/{usr/,}sbin/runuser rCx -> runuser,
/{usr/,}bin/savelog rCx -> savelog,
@ -113,7 +113,7 @@ profile cron-popularity-contest @{exec_path} {
include <abstractions/base>
include <abstractions/nameservice-strict>
/{usr/,}bin/gpg mr,
/{usr/,}bin/gpg{,2} mr,
/usr/share/popularity-contest/debian-popcon.gpg r,

4
apparmor.d/groups/gnome/gnome-software
View file

@ -36,7 +36,7 @@ profile gnome-software @{exec_path} {
/{usr/,}bin/bwrap rPUx,
/{usr/,}bin/fusermount{,3} rCx -> fusermount,
/{usr/,}bin/gpg rCx -> gpg,
/{usr/,}bin/gpg{,2} rCx -> gpg,
/{usr/,}bin/gpgconf rCx -> gpg,
/{usr/,}bin/gpgsm rCx -> gpg,
/{usr/,}lib/gio-launch-desktop rPx -> child-open,
@ -103,7 +103,7 @@ profile gnome-software @{exec_path} {
profile gpg {
include <abstractions/base>
/{usr/,}bin/gpg mr,
/{usr/,}bin/gpg{,2} mr,
/{usr/,}bin/gpgconf mr,
/{usr/,}bin/gpgsm mr,

2
apparmor.d/groups/gnome/seahorse
View file

@ -38,7 +38,7 @@ profile seahorse @{exec_path} {
@{exec_path} mr,
/{usr/,}bin/gpgconf rPx,
/{usr/,}bin/gpg rUx,
/{usr/,}bin/gpg{,2} rUx,
/{usr/,}bin/gpgsm rPx,
/usr/share/glib-2.0/schemas/gschemas.compiled r,

2
apparmor.d/groups/pacman/archlinux-keyring-wkd-sync
View file

@ -23,7 +23,7 @@ profile archlinux-keyring-wkd-sync @{exec_path} {
/{usr/,}bin/{m,g,}awk rix,
/{usr/,}bin/bash rix,
/{usr/,}bin/dirmngr rix,
/{usr/,}bin/gpg rix,
/{usr/,}bin/gpg{,2} rix,
/{usr/,}bin/gpg-agent rix,
/{usr/,}bin/pacman-conf rix,

2
apparmor.d/groups/pacman/aurpublish
View file

@ -20,7 +20,7 @@ profile aurpublish @{exec_path} {
/{usr/,}bin/date rix,
/{usr/,}bin/gettext rix,
/{usr/,}bin/git rPx,
/{usr/,}bin/gpg rPUx,
/{usr/,}bin/gpg{,2} rPUx,
/{usr/,}bin/grep rix,
/{usr/,}bin/makepkg rix,
/{usr/,}bin/mkdir rix,

4
apparmor.d/groups/pacman/pacman
View file

@ -45,7 +45,7 @@ profile pacman @{exec_path} {
@{exec_path} mr,
/{usr/,}bin/gpg rCx -> gpg,
/{usr/,}bin/gpg{,2} rCx -> gpg,
/{usr/,}bin/gpgconf rCx -> gpg,
/{usr/,}bin/gpgsm rCx -> gpg,
@ -151,7 +151,7 @@ profile pacman @{exec_path} {
capability dac_read_search,
/{usr/,}bin/gpg mr,
/{usr/,}bin/gpg{,2} mr,
/{usr/,}bin/gpgconf mr,
/{usr/,}bin/gpgsm mr,

4
apparmor.d/groups/pacman/pacman-key
View file

@ -21,7 +21,7 @@ profile pacman-key @{exec_path} {
/{usr/,}bin/chmod rix,
/{usr/,}bin/{m,g,}awk rix,
/{usr/,}bin/gettext rix,
/{usr/,}bin/gpg rCx -> gpg,
/{usr/,}bin/gpg{,2} rCx -> gpg,
/{usr/,}bin/grep rix,
/{usr/,}bin/pacman-conf rPx,
/{usr/,}bin/touch rix,
@ -45,7 +45,7 @@ profile pacman-key @{exec_path} {
capability dac_read_search,
capability mknod,
/{usr/,}bin/gpg mr,
/{usr/,}bin/gpg{,2} mr,
/{usr/,}bin/dirmngr rix,
/{usr/,}bin/gpg-agent rix,

2
apparmor.d/profiles-a-f/browserpass
View file

@ -15,7 +15,7 @@ profile browserpass @{exec_path} flags=(attach_disconnected) {
@{exec_path} mr,
/{usr/,}bin/gpg rUx,
/{usr/,}bin/gpg{,2} rUx,
owner @{HOME}/.password-store/{,**} r,
owner @{HOME}/.mozilla/firefox/[0-9a-z]*.*/.parentlock rw,

4
apparmor.d/profiles-a-f/changestool
View file

@ -12,7 +12,7 @@ profile changestool @{exec_path} {
@{exec_path} mr,
/{usr/,}bin/gpg rCx -> gpg,
/{usr/,}bin/gpg{,2} rCx -> gpg,
/{usr/,}bin/gpgconf rCx -> gpg,
/{usr/,}bin/gpgsm rCx -> gpg,
@ -25,7 +25,7 @@ profile changestool @{exec_path} {
profile gpg {
include <abstractions/base>
/{usr/,}bin/gpg mr,
/{usr/,}bin/gpg{,2} mr,
/{usr/,}bin/gpgconf mr,
/{usr/,}bin/gpgsm mr,

4
apparmor.d/profiles-a-f/claws-mail
View file

@ -25,7 +25,7 @@ profile claws-mail @{exec_path} flags=(complain) {
/{usr/,}bin/{,ba,da}sh rix,
/{usr/,}bin/which{,.debianutils} rix,
/{usr/,}bin/gpg rCx -> gpg,
/{usr/,}bin/gpg{,2} rCx -> gpg,
/{usr/,}bin/gpgsm rCx -> gpg,
/{usr/,}bin/gpgconf rCx -> gpg,
@ -69,7 +69,7 @@ profile claws-mail @{exec_path} flags=(complain) {
profile gpg {
include <abstractions/base>
/{usr/,}bin/gpg mr,
/{usr/,}bin/gpg{,2} mr,
/{usr/,}bin/gpgsm mr,
/{usr/,}bin/gpgconf mr,

4
apparmor.d/profiles-a-f/dino-im
View file

@ -26,7 +26,7 @@ profile dino-im @{exec_path} {
@{exec_path} mr,
# Needed for GPG/PGP support
/{usr/,}bin/gpg rCx -> gpg,
/{usr/,}bin/gpg{,2} rCx -> gpg,
/{usr/,}bin/gpgconf rCx -> gpg,
/{usr/,}bin/gpgsm rCx -> gpg,
@ -41,7 +41,7 @@ profile dino-im @{exec_path} {
profile gpg {
include <abstractions/base>
/{usr/,}bin/gpg mr,
/{usr/,}bin/gpg{,2} mr,
/{usr/,}bin/gpgconf mr,
/{usr/,}bin/gpgsm mr,

4
apparmor.d/profiles-a-f/etckeeper
View file

@ -28,7 +28,7 @@ profile etckeeper @{exec_path} {
/{usr/,}bin/find rix,
/{usr/,}bin/getent rix,
/{usr/,}bin/git* rix,
/{usr/,}bin/gpg rCx -> gpg,
/{usr/,}bin/gpg{,2} rCx -> gpg,
/{usr/,}bin/hostname rix,
/{usr/,}bin/mkdir rix,
/{usr/,}bin/mktemp rix,
@ -67,7 +67,7 @@ profile etckeeper @{exec_path} {
include <abstractions/base>
include <abstractions/consoles>
/{usr/,}bin/gpg mr,
/{usr/,}bin/gpg{,2} mr,
/{usr/,}bin/gpg-agent rPx,
owner @{HOME}/@{XDG_GPG_DIR}/ rw,

4
apparmor.d/profiles-a-f/execute-dput
View file

@ -20,7 +20,7 @@ profile execute-dput @{exec_path} flags=(complain) {
/{usr/,}bin/dpkg rPx -> child-dpkg,
/{usr/,}bin/gpgconf rCx -> gpg,
/{usr/,}bin/gpg rCx -> gpg,
/{usr/,}bin/gpg{,2} rCx -> gpg,
/{usr/,}bin/gpgsm rCx -> gpg,
/usr/share/dput/{,**} r,
@ -41,7 +41,7 @@ profile execute-dput @{exec_path} flags=(complain) {
include <abstractions/base>
/{usr/,}bin/gpgconf mr,
/{usr/,}bin/gpg mr,
/{usr/,}bin/gpg{,2} mr,
/{usr/,}bin/gpgsm mr,
owner @{HOME}/@{XDG_GPG_DIR}/ rw,

4
apparmor.d/profiles-a-f/flatpak-system-helper
View file

@ -28,7 +28,7 @@ profile flatpak-system-helper @{exec_path} {
@{exec_path} mr,
/{usr/,}bin/bwrap rPUx,
/{usr/,}bin/gpg rCx -> gpg,
/{usr/,}bin/gpg{,2} rCx -> gpg,
/{usr/,}bin/gpgconf rCx -> gpg,
/{usr/,}bin/gpgsm rCx -> gpg,
/{usr/,}lib/revokefs-fuse rix,
@ -52,7 +52,7 @@ profile flatpak-system-helper @{exec_path} {
include <abstractions/base>
include <abstractions/nameservice-strict>
/{usr/,}bin/gpg mr,
/{usr/,}bin/gpg{,2} mr,
/{usr/,}bin/gpgconf mr,
/{usr/,}bin/gpgsm mr,

4
apparmor.d/profiles-a-f/fwupd
View file

@ -67,7 +67,7 @@ profile fwupd @{exec_path} flags=(complain,attach_disconnected) {
/{usr/,}lib/fwupd/fwupd-detect-cet rix,
/{usr/,}bin/gpg rCx -> gpg,
/{usr/,}bin/gpg{,2} rCx -> gpg,
/{usr/,}bin/gpgconf rCx -> gpg,
/{usr/,}bin/gpgsm rCx -> gpg,
@ -143,7 +143,7 @@ profile fwupd @{exec_path} flags=(complain,attach_disconnected) {
capability dac_read_search,
/{usr/,}bin/gpg mr,
/{usr/,}bin/gpg{,2} mr,
/{usr/,}bin/gpgconf mr,
/{usr/,}bin/gpgsm mr,
/{usr/,}bin/gpg-agent mr,

4
apparmor.d/profiles-g-l/gajim
View file

@ -45,7 +45,7 @@ profile gajim @{exec_path} {
/{usr/,}bin/pacat rix,
# Needed for GPG/PGP support
/{usr/,}bin/gpg rCx -> gpg,
/{usr/,}bin/gpg{,2} rCx -> gpg,
/{usr/,}bin/gpgconf rCx -> gpg,
/{usr/,}bin/gpgsm rCx -> gpg,
@ -123,7 +123,7 @@ profile gajim @{exec_path} {
profile gpg {
include <abstractions/base>
/{usr/,}bin/gpg mr,
/{usr/,}bin/gpg{,2} mr,
/{usr/,}bin/gpgconf mr,
/{usr/,}bin/gpgsm mr,

4
apparmor.d/profiles-g-l/git
View file

@ -70,7 +70,7 @@ profile git @{exec_path} {
/{usr/,}lib/code/extensions/git/dist/git-editor.sh rPx,
/usr/share/aurpublish/*.hook rPx,
/{usr/,}bin/gpg rCx -> gpg,
/{usr/,}bin/gpg{,2} rCx -> gpg,
/{usr/,}bin/ssh rCx -> ssh,
/{usr/,}bin/sensible-editor rCx -> editor,
/{usr/,}bin/vim rCx -> editor,
@ -108,7 +108,7 @@ profile git @{exec_path} {
include <abstractions/base>
include <abstractions/consoles>
/{usr/,}bin/gpg mr,
/{usr/,}bin/gpg{,2} mr,
/{usr/,}bin/gpg-agent rPx,
owner @{HOME}/@{XDG_GPG_DIR}/ rw,

2
apparmor.d/profiles-g-l/gpa
View file

@ -20,7 +20,7 @@ profile gpa @{exec_path} {
/{usr/,}bin/gpgconf rPx,
/{usr/,}bin/gpg-connect-agent rPx,
/{usr/,}bin/gpg rPx,
/{usr/,}bin/gpg{,2} rPx,
/{usr/,}bin/gpgsm rPx,
/usr/share/gpa/{,*} r,

4
apparmor.d/profiles-g-l/kwalletd5
View file

@ -56,7 +56,7 @@ profile kwalletd5 @{exec_path} {
# For GPG encrypted wallets
/{usr/,}bin/gpgconf rCx -> gpg,
/{usr/,}bin/gpg rCx -> gpg,
/{usr/,}bin/gpg{,2} rCx -> gpg,
/{usr/,}bin/gpgsm rCx -> gpg,
@ -64,7 +64,7 @@ profile kwalletd5 @{exec_path} {
include <abstractions/base>
/{usr/,}bin/gpgconf mr,
/{usr/,}bin/gpg mr,
/{usr/,}bin/gpg{,2} mr,
/{usr/,}bin/gpgsm mr,
owner @{HOME}/@{XDG_GPG_DIR}/ rw,

9
apparmor.d/profiles-m-r/packagekitd
View file

@ -80,7 +80,7 @@ profile packagekitd @{exec_path} flags=(attach_disconnected) {
@{exec_path} mr,
/{usr/,}bin/gpg rCx -> gpg,
/{usr/,}bin/gpg{,2} rCx -> gpg,
/{usr/,}bin/gpgconf rCx -> gpg,
/{usr/,}bin/gpgsm rCx -> gpg,
@ -127,9 +127,10 @@ profile packagekitd @{exec_path} flags=(attach_disconnected) {
capability dac_read_search,
/{usr/,}bin/gpg mr,
/{usr/,}bin/gpgconf mr,
/{usr/,}bin/gpgsm mr,
/{usr/,}bin/gpg{,2} mr,
/{usr/,}bin/gpgconf mr,
/{usr/,}bin/gpgsm mr,
@{HOME}/@{XDG_GPG_DIR}/*.conf r,

4
apparmor.d/profiles-m-r/psi
View file

@ -40,7 +40,7 @@ profile psi @{exec_path} {
/{usr/,}bin/xdg-open rCx -> open,
# Needed for GPG/PGP support
/{usr/,}bin/gpg rCx -> gpg,
/{usr/,}bin/gpg{,2} rCx -> gpg,
# Needed for playing sound events
/{usr/,}bin/aplay rCx -> aplay,
@ -120,7 +120,7 @@ profile psi @{exec_path} {
profile gpg {
include <abstractions/base>
/{usr/,}bin/gpg mr,
/{usr/,}bin/gpg{,2} mr,
owner @{HOME}/.gnupg/ rw,
owner @{HOME}/.gnupg/** rwkl -> @{HOME}/.gnupg/**,

4
apparmor.d/profiles-m-r/psi-plus
View file

@ -40,7 +40,7 @@ profile psi-plus @{exec_path} {
/{usr/,}bin/xdg-open rCx -> open,
# Needed for GPG/PGP support
/{usr/,}bin/gpg rCx -> gpg,
/{usr/,}bin/gpg{,2} rCx -> gpg,
# Needed for playing sound events
/{usr/,}bin/aplay rCx -> aplay,
@ -120,7 +120,7 @@ profile psi-plus @{exec_path} {
profile gpg {
include <abstractions/base>
/{usr/,}bin/gpg mr,
/{usr/,}bin/gpg{,2} mr,
owner @{HOME}/@{XDG_GPG_DIR}/ rw,
owner @{HOME}/@{XDG_GPG_DIR}/** rwkl -> @{HOME}/@{XDG_GPG_DIR}/**,

4
apparmor.d/profiles-m-r/repo
View file

@ -35,7 +35,7 @@ profile repo @{exec_path} {
/{usr/,}lib/git-core/git-* rix,
/{usr/,}bin/curl rCx -> curl,
/{usr/,}bin/gpg rCx -> gpg,
/{usr/,}bin/gpg{,2} rCx -> gpg,
/{usr/,}bin/ssh rPx,
# Android source dir
@ -77,7 +77,7 @@ profile repo @{exec_path} {
profile gpg {
include <abstractions/base>
/{usr/,}bin/gpg mr,
/{usr/,}bin/gpg{,2} mr,
owner @{HOME}/@{XDG_GPG_DIR}/** rwkl -> @{HOME}/@{XDG_GPG_DIR}/**,
owner @{HOME}/.repoconfig/gnupg/** rwkl -> @{HOME}/.repoconfig/gnupg/**,

4
apparmor.d/profiles-m-r/reprepro
View file

@ -15,7 +15,7 @@ profile reprepro @{exec_path} {
@{exec_path} mr,
/{usr/,}bin/gpgconf rCx -> gpg,
/{usr/,}bin/gpg rCx -> gpg,
/{usr/,}bin/gpg{,2} rCx -> gpg,
/{usr/,}bin/gpgsm rCx -> gpg,
owner @{PROC}/@{pid}/fd/ r,
@ -59,7 +59,7 @@ profile reprepro @{exec_path} {
include <abstractions/base>
/{usr/,}bin/gpgconf mr,
/{usr/,}bin/gpg mr,
/{usr/,}bin/gpg{,2} mr,
/{usr/,}bin/gpgsm mr,
owner @{HOME}/@{XDG_GPG_DIR}/ rw,

4
apparmor.d/profiles-s-z/update-smart-drivedb
View file

@ -29,7 +29,7 @@ profile update-smart-drivedb @{exec_path} {
/{usr/,}{s,}bin/ r,
/{usr/,}{s,}bin/smartctl rPx,
/{usr/,}bin/gpg rCx -> gpg,
/{usr/,}bin/gpg{,2} rCx -> gpg,
/{usr/,}bin/wget rCx -> browse,
/{usr/,}bin/curl rCx -> browse,
/{usr/,}bin/lynx rCx -> browse,
@ -46,7 +46,7 @@ profile update-smart-drivedb @{exec_path} {
include <abstractions/base>
include <abstractions/consoles>
/{usr/,}bin/gpg mr,
/{usr/,}bin/gpg{,2} mr,
/{usr/,}bin/gpg-agent rix,

4
apparmor.d/profiles-s-z/uscan
View file

@ -44,7 +44,7 @@ profile uscan @{exec_path} {
/usr/share/*/debian/ r,
/usr/share/*/debian/changelog r,
/{usr/,}bin/gpg rCx -> gpg,
/{usr/,}bin/gpg{,2} rCx -> gpg,
/{usr/,}bin/gpgv rCx -> gpg,
/etc/dpkg/origins/debian r,
@ -62,7 +62,7 @@ profile uscan @{exec_path} {
profile gpg {
include <abstractions/base>
/{usr/,}bin/gpg mr,
/{usr/,}bin/gpg{,2} mr,
/{usr/,}bin/gpgv mr,
owner @{HOME}/@{XDG_GPG_DIR}/gpg.conf r,