Bug 903888 - gpg-agent wants to create ~/.cache/gpg-agent-info
Summary: gpg-agent wants to create ~/.cache/gpg-agent-info
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 18
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Miroslav Grepl
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-01-25 01:26 UTC by Garrett Holmstrom
Modified: 2013-02-08 02:24 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-02-08 02:24:08 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)

Description Garrett Holmstrom 2013-01-25 01:26:34 UTC 
Description of problem:
gpg-agent seems to want to create the file ~/.cache/gpg-agent-info upon login:


type=AVC msg=audit(1359076396.23:356): avc:  denied  { write } for  pid=1681 comm="gpg-agent" name=".cache" dev="dm-1" ino=266 scontext=staff_u:staff_r:gpg_agent_t:s0-s0:c0.c1023 tcontext=staff_u:object_r:cache_home_t:s0 tclass=dir

type=AVC msg=audit(1359076396.23:356): avc:  denied  { add_name } for  pid=1681 comm="gpg-agent" name="gpg-agent-info" scontext=staff_u:staff_r:gpg_agent_t:s0-s0:c0.c1023 tcontext=staff_u:object_r:cache_home_t:s0 tclass=dir

type=AVC msg=audit(1359076396.23:356): avc:  denied  { create } for  pid=1681 comm="gpg-agent" name="gpg-agent-info" scontext=staff_u:staff_r:gpg_agent_t:s0-s0:c0.c1023 tcontext=staff_u:object_r:cache_home_t:s0 tclass=file

type=AVC msg=audit(1359076396.23:356): avc:  denied  { write open } for  pid=1681 comm="gpg-agent" path="/home/gholms/.cache/gpg-agent-info" dev="dm-1" ino=15084 scontext=staff_u:staff_r:gpg_agent_t:s0-s0:c0.c1023 tcontext=staff_u:object_r:cache_home_t:s0 tclass=file

type=SYSCALL msg=audit(1359076396.23:356): arch=x86_64 syscall=open success=yes exit=ESRCH a0=7fff5538ea91 a1=241 a2=1b6 a3=238 items=0 ppid=1679 pid=1681 auid=1000 uid=1000 gid=100 euid=1000 suid=1000 fsuid=1000 egid=100 sgid=100 fsgid=100 ses=3 tty=(none) comm=gpg-agent exe=/usr/bin/gpg-agent subj=staff_u:staff_r:gpg_agent_t:s0-s0:c0.c1023 key=(null)


type=AVC msg=audit(1359076396.24:357): avc:  denied  { getattr } for  pid=1681 comm="gpg-agent" path="/home/gholms/.cache/gpg-agent-info" dev="dm-1" ino=15084 scontext=staff_u:staff_r:gpg_agent_t:s0-s0:c0.c1023 tcontext=staff_u:object_r:cache_home_t:s0 tclass=file

type=SYSCALL msg=audit(1359076396.24:357): arch=x86_64 syscall=fstat success=yes exit=0 a0=3 a1=7fff5538d970 a2=7fff5538d970 a3=7fff5538d840 items=0 ppid=1679 pid=1681 auid=1000 uid=1000 gid=100 euid=1000 suid=1000 fsuid=1000 egid=100 sgid=100 fsgid=100 ses=3 tty=(none) comm=gpg-agent exe=/usr/bin/gpg-agent subj=staff_u:staff_r:gpg_agent_t:s0-s0:c0.c1023 key=(null)


Version-Release number of selected component (if applicable):
gnupg2-2.0.19-7.fc18.x86_64
selinux-policy-3.11.1-71.fc18.noarch
Comment 1 Miroslav Grepl 2013-01-25 10:48:23 UTC 
Fixed in selinux-policy-3.11.1-74.fc18.noarch
Comment 2 Fedora Update System 2013-01-31 13:18:53 UTC 
selinux-policy-3.11.1-74.fc18 has been submitted as an update for Fedora 18.
https://admin.fedoraproject.org/updates/selinux-policy-3.11.1-74.fc18
Comment 3 Fedora Update System 2013-02-01 16:39:29 UTC 
Package selinux-policy-3.11.1-74.fc18:
* should fix your issue,
* was pushed to the Fedora 18 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing selinux-policy-3.11.1-74.fc18'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2013-1693/selinux-policy-3.11.1-74.fc18
then log in and leave karma (feedback).
Comment 4 Garrett Holmstrom 2013-02-05 00:25:33 UTC 
selinux-policy-3.11.1-74.fc18 fixes some of them, but not all:

type=AVC msg=audit(1360014098.980:335): avc:  denied  { write } for  pid=1494 comm="gpg-agent" name="gpg-agent-info" dev="dm-1" ino=15084 scontext=staff_u:staff_r:gpg_agent_t:s0-s0:c0.c1023 tcontext=staff_u:object_r:cache_home_t:s0 tclass=file

type=AVC msg=audit(1360014098.980:335): avc:  denied  { open } for  pid=1494 comm="gpg-agent" path="/home/gholms/.cache/gpg-agent-info" dev="dm-1" ino=15084 scontext=staff_u:staff_r:gpg_agent_t:s0-s0:c0.c1023 tcontext=staff_u:object_r:cache_home_t:s0 tclass=file

type=SYSCALL msg=audit(1360014098.980:335): arch=x86_64 syscall=open success=yes exit=ESRCH a0=7fffc0347a93 a1=241 a2=1b6 a3=238 items=0 ppid=1492 pid=1494 auid=1000 uid=1000 gid=100 euid=1000 suid=1000 fsuid=1000 egid=100 sgid=100 fsgid=100 ses=2 tty=(none) comm=gpg-agent exe=/usr/bin/gpg-agent subj=staff_u:staff_r:gpg_agent_t:s0-s0:c0.c1023 key=(null)


type=AVC msg=audit(1360014099.9:336): avc:  denied  { getattr } for  pid=1494 comm="gpg-agent" path="/home/gholms/.cache/gpg-agent-info" dev="dm-1" ino=15084 scontext=staff_u:staff_r:gpg_agent_t:s0-s0:c0.c1023 tcontext=staff_u:object_r:cache_home_t:s0 tclass=file

type=SYSCALL msg=audit(1360014099.9:336): arch=x86_64 syscall=fstat success=yes exit=0 a0=3 a1=7fffc0345ca0 a2=7fffc0345ca0 a3=238 items=0 ppid=1492 pid=1494 auid=1000 uid=1000 gid=100 euid=1000 suid=1000 fsuid=1000 egid=100 sgid=100 fsgid=100 ses=2 tty=(none) comm=gpg-agent exe=/usr/bin/gpg-agent subj=staff_u:staff_r:gpg_agent_t:s0-s0:c0.c1023 key=(null)
Comment 5 Garrett Holmstrom 2013-02-05 00:40:40 UTC 
Sorry; disregard that.  Apparently deleting things from seapplet's list doesn't prevent it from going back and re-adding them, even for events that happened a week ago.  ausearch it is!
Comment 6 Fedora Update System 2013-02-08 02:24:10 UTC 
selinux-policy-3.11.1-74.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.
Note You need to log in before you can comment on or make changes to this bug.