Layer: apps

Module: gpg


Description:

Policy for GNU Privacy Guard and related programs.


Tunables:

gpg_agent_env_file
Default value

false

Description

Allow usage of the gpg-agent --write-env-file option. This also allows gpg-agent to manage user files.


Templates:

gpg_domtrans_user_gpg(userdomain_prefix, domain)
Summary

Transition to a user gpg domain.

Description

Transition to a user gpg domain.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters
| Parameter | Description | Optional |
|---|---|---|
| userdomain_prefix | The prefix of the user domain (e.g., user is the prefix for user_t). | No |
| domain | Domain allowed access. | No |

gpg_per_role_template(userdomain_prefix, userdomain, role)
Summary

The per role template for the gpg module.

Description

This template creates the types and rules for GPG, GPG-agent, and GPG helper programs. This protects the user keys and secrets, and runs the programs in domains specific to the user type.

This is invoked automatically for each user and generally does not need to be invoked directly by policy writers.

Parameters
| Parameter | Description | Optional |
|---|---|---|
| userdomain_prefix | The prefix of the user domain (e.g., user is the prefix for user_t). | No |
| userdomain | The user domain. | No |
| role | The role associated with the user. | No |

gpg_signal_user_gpg(userdomain_prefix, domain)
Summary

Send generic signals to user gpg processes.

Description

This is a templated interface, and should only be called from a per-userdomain template.

Parameters
| Parameter | Description | Optional |
|---|---|---|
| userdomain_prefix | The prefix of the user domain (e.g., user is the prefix for user_t). | No |
| domain | Domain allowed access. | No |