-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 06/06/2011 03:32 PM, Christoph A. wrote:
On 06/06/2011 09:23 PM, Christoph A. wrote:
> On 06/04/2011 03:10 AM, Christoph A. wrote:
>> "Could not start the gpg-agent program which is needed for you GnuPG
>> version denied."
> starting thunderbird with gpg-agent like this:
> sandbox -X -t sandbox_net_t -H tb gpg-agent --daemon thunderbird
> seams to solve the first error.
> Next error:
> Error - encryption command failed
> /usr/bin/gpg --charset utf8 .... --list-secret-keys
> gpg: fatal: can't disable core dumps: Permission denied
> secmem usage: 0/0 bytes in 0/0 blocks of pool 0/0
> getsebool -a|grep -i dump
> allow_daemons_dump_core --> on
> So gpg is not allowed to disable coredumps.
> Is this a policy bug?
> (no AVCs)
> How can I allow gpg to disable core dumps?
something similar to [1] is probably needed for sandbox_net_t too.
allow sandbox_net_t self:process setrlimit;
correct?
[1]
https://bugzilla.redhat.com/show_bug.cgi?id=610812 - --
selinux mailing list
selinux(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
I am not sure what the ramifications of allowing a sandbox app to modify
its hard limits. Currently no sandboxes are allowed this access.
You can add a custom policy to allow this.
I guess if you or someone else can make a compelling argument I can add
this access or a boolean to add this access.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora -
http://enigmail.mozdev.org/
iEYEARECAAYFAk3uHsEACgkQrlYvE4MpobM9UgCglm0Nf35S1ISlZLoLoEgwObcD
x6sAn0CQJln/PVoe0PEnDsctztiUqiRc
=7EQq
-----END PGP SIGNATURE-----