Description of problem: I was trying to sign a file in my public_html directory with gpg but was getting permission denied errors. It seems that gpg should have permission to pretty much every normal file under ${HOME}, as you could potentially want to sign anything. Version-Release number of selected component (if applicable): policy-1.11.2-18 gnupg-1.2.4-2.1 How reproducible: Always Steps to Reproduce: 1. gpg -ab /home/gary/public_html/elmer/foaf.rdf 2. Enter your secret key password Actual results: gpg: can't open foaf.rdf: Permission denied gpg: signing failed: file open error Expected results: File gets signed successfully. Additional info: The following message was in /var/log/messages: audit(1083266767.282:0): avc: denied { search } for pid=8845 exe=/usr/bin/gpg name=elmer dev=dm-1 ino=117010 scontext=user_u:user_r:user_gpg_t tcontext=system_u:object_r:httpd_user_content_t tclass=dir $ ls -l /home/gary/public_html/elmer/foaf.rdf -rw-r--r-- 1 gary gary 3500 Apr 29 15:39 /home/gary/public_html/elmer/foaf.rdf $ ls -Z /home/gary/public_html/elmer/foaf.rdf -rw-r--r--+ gary gary user_u:object_r:httpd_user_content_t /home/gary/public_html/elmer/foaf.rdf $ ls -Zd /home/gary/public_html/elmer drwxr-xr-x+ gary gary system_u:object_r:httpd_user_content_t /home/gary/public_html/elmer
Fixed in selinux-policy-strict-1.18.2-2