Layer: apps

Module: gpg


Description:

Policy for GNU Privacy Guard and related programs.


Tunables:

gpg_agent_env_file
Default value

false

Description

Determine whether GPG agent can manage generic user home content files. This is required by the --write-env-file option.

gpg_agent_use_card
Default value

false

Description

Determine whether GPG agent can use OpenPGP cards or Yubikeys over USB.

gpg_manage_all_user_content
Default value

false

Description

Grant the gpg domains manage rights on all user content.

gpg_manage_generic_user_content
Default value

false

Description

Grant the gpg domains manage rights on generic user content.

gpg_read_all_user_content
Default value

false

Description

Grant the gpg domains read access to all user content.

gpg_read_generic_user_content
Default value

true

Description

Grant the gpg domains read access to generic user content.


Interfaces:

gpg_agent_tmp_filetrans( domain , file_type , class , name )
Summary

Create objects in gpg_agent_tmp_t directories with a file type transition to the specified type.

Parameters
Parameter:Description:
domain

Domain allowed access.

file_type

Type to which the created node will be transitioned.

class

Object class(es) (single or set including {}) for which this transition will occur.

name

The name of the object being created.

gpg_agent_tmp_unlink_sock( domain )
Summary

Unlink gpg_agent_tmp_t sock_file objects.

Parameters
Parameter:Description:
domain

Domain allowed access.

gpg_domtrans( domain )
Summary

Execute gpg in the gpg domain.

Parameters
Parameter:Description:
domain

Domain allowed to transition.

gpg_dontaudit_exec_agent( domain )
Summary

Do not audit attempts to execute the gpg-agent.

Parameters
Parameter:Description:
domain

Domain to not audit.

gpg_dontaudit_search_user_secrets( domain )
Summary

Do not audit attempts to search gpg user secrets.

Parameters
Parameter:Description:
domain

Domain to not audit.

gpg_enter_user_gpg_agent_domain( domain , domain )
Summary

Transition to $2_gpg_agent_t from another domain via gpg_agent_exec_t.

Parameters
Parameter:Description:
domain

Source domain.

domain

Base of the target domain.

gpg_entry_type( domain )
Summary

Make gpg executable files an entrypoint for the specified domain.

Parameters
Parameter:Description:
domain

The domain for which gpg_exec_t is an entrypoint.

gpg_exec( domain )
Summary

Execute gpg in the caller domain.

Parameters
Parameter:Description:
domain

Domain allowed access.

gpg_exec_agent( domain )
Summary

Execute gpg-agent in the caller domain.

Parameters
Parameter:Description:
domain

Domain allowed access.

gpg_list_user_secrets( domain )
Summary

List gpg user secrets.

Parameters
Parameter:Description:
domain

Domain allowed access.

gpg_pinentry_dbus_chat( domain )
Summary

Send and receive messages to and from gpg pinentry over D-Bus.

Parameters
Parameter:Description:
domain

Domain allowed access.

gpg_runtime_filetrans( domain , file_type , class , name )
Summary

Create objects in gpg_runtime_t directories with a file type transition to the specified type.

Parameters
Parameter:Description:
domain

Domain allowed access.

file_type

Type to which the created node will be transitioned.

class

Object class(es) (single or set including {}) for which this transition will occur.

name

The name of the object being created.

gpg_rw_agent_pipes( domain )
Summary

Read and write gpg agent pipes.

Parameters
Parameter:Description:
domain

Domain allowed access.

gpg_search_agent_tmp_dirs( domain )
Summary

Search gpg agent directories.

Parameters
Parameter:Description:
domain

Domain allowed access.

gpg_secret_filetrans( domain , file_type , class , name )
Summary

Create objects in gpg_secret_t directories with a file type transition to the specified type.

Parameters
Parameter:Description:
domain

Domain allowed access.

file_type

Type to which the created node will be transitioned.

class

Object class(es) (single or set including {}) for which this transition will occur.

name

The name of the object being created.

gpg_signal( domain )
Summary

Send generic signals to gpg.

Parameters
Parameter:Description:
domain

Domain allowed access.

gpg_spec_domtrans( source_domain , target_domain )
Summary

Execute gpg in a specified domain.

Description

Execute gpg in a specified domain.

No interprocess communication (signals, pipes, etc.) is provided by this interface since the domains are not owned by this module.

Parameters
Parameter:Description:
source_domain

Domain allowed to transition.

target_domain

Domain to transition to.

gpg_stream_connect_agent( domain )
Summary

Connect to the gpg agent socket.

Parameters
Parameter:Description:
domain

Domain allowed access.


Templates:

gpg_role( role_prefix , user_domain , user_exec_domain , role )
Summary

Role access for gpg.

Parameters
Parameter:Description:
role_prefix

The prefix of the user role (e.g., user is the prefix for user_r).

user_domain

User domain for the role.

user_exec_domain

User exec domain for execute and transition access.

role

Role allowed access.
