Description of problem: icon@hagrid:[~]$ gpg --list-keys gpg: WARNING: using insecure memory! gpg: please see http://www.gnupg.org/faq.html for more information gpg: fatal: /home/einstein/staff/icon/.gnupg: can't create directory: Permission denied secmem usage: 0/0 bytes in 0/0 blocks of pool 0/32768 icon@hagrid:[~]$ ls -ld .gnupg drwxrwxr-x 2 icon icon 4096 Mar 29 14:00 .gnupg/ icon@hagrid:[~]$ pwd /home/einstein/staff/icon The following lands in /var/log/messages: Mar 29 16:18:54 hagrid kernel: audit(1080595134.292:0): avc: denied { search } for pid=17491 exe=/usr/bin/gpg dev= ino=2648 scontext=user_u:user_r:user_gpg_t tcontext=system_u:object_r:autofs_t tclass=dir Version-Release number of selected component (if applicable): icon@hagrid:[~]$ rpm -q gnupg gnupg-0:1.2.4-2.1.i386 How reproducible: Always Steps to Reproduce: 1. Issue any gpg command. Actual results: Fails with "unable to create .gnupg directory: permission denied" Expected results: Should function. Additional info: Looks like the default policy for gpg needs to be corrected.
Similar problem here. I couldn't generate new key: -->-->-->-->-->-->-->-->-->-->-->-->-->-->-->-->-->-->-->-->-->-->--> [chennan@localhost chennan]$ gpg --gen-key gpg (GnuPG) 1.2.4; Copyright (C) 2003 Free Software Foundation, Inc. This program comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. See the file COPYING for details. gpg: WARNING: using insecure memory! gpg: please see http://www.gnupg.org/faq.html for more information Please select what kind of key you want: (1) DSA and ElGamal (default) (2) DSA (sign only) (4) RSA (sign only) Your selection? DSA keypair will have 1024 bits. About to generate a new ELG-E keypair. minimum keysize is 768 bits default keysize is 1024 bits highest suggested keysize is 2048 bits What keysize do you want? (1024) Requested keysize is 1024 bits Please specify how long the key should be valid. 0 = key does not expire <n> = key expires in n days <n>w = key expires in n weeks <n>m = key expires in n months <n>y = key expires in n years Key is valid for? (0) Key does not expire at all Is this correct (y/n)? y You need a User-ID to identify your key; the software constructs the user id from Real Name, Comment and Email Address in this form: "Heinrich Heine (Der Dichter) <heinrichh>" Real name: Foo Bar Email address: fb Comment: You selected this USER-ID: "Foo Bar <fb>" Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O You need a Passphrase to protect your secret key. passphrase not correctly repeated; try again. We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy. ++++++++++.+++++.+++++++++++++++.+++++..+++++++++++++++.+++++.++++++++++.+++++++++++++++++++++++++..++++++++++.++++++++++..++++++++++..+++++++++++++++........+++++ gpg: fatal: can't open /dev/random: Permission denied secmem usage: 2208/2240 bytes in 6/7 blocks of pool 2240/32768
Fixed in policy-1.11.1-2
Fixed in current release