[selinux-policy: 1389/3172] add rssh, bug 1544
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 21:05:30 UTC 2010
commit 5540e76ac7daa5c6c0a57e2746ef8e4c1f06c517
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Tue Apr 25 19:17:43 2006 +0000
add rssh, bug 1544
refpolicy/Changelog | 1 +
refpolicy/policy/modules/apps/rssh.fc | 1 +
refpolicy/policy/modules/apps/rssh.if | 143 ++++++++++++++++++++++++++++++
refpolicy/policy/modules/apps/rssh.te | 13 +++
refpolicy/policy/modules/services/ssh.if | 36 ++++++++
refpolicy/policy/modules/services/ssh.te | 10 ++-
6 files changed, 202 insertions(+), 2 deletions(-)
---
diff --git a/refpolicy/Changelog b/refpolicy/Changelog
index 584bfc6..4c130fe 100644
--- a/refpolicy/Changelog
+++ b/refpolicy/Changelog
@@ -65,6 +65,7 @@
qmail (Petre Rodan)
resmgr
rhgb
+ rssh
snort
soundserver
speedtouch
diff --git a/refpolicy/policy/modules/apps/rssh.fc b/refpolicy/policy/modules/apps/rssh.fc
new file mode 100644
index 0000000..4c091ca
--- /dev/null
+++ b/refpolicy/policy/modules/apps/rssh.fc
@@ -0,0 +1 @@
+/usr/bin/rssh -- gen_context(system_u:object_r:rssh_exec_t,s0)
diff --git a/refpolicy/policy/modules/apps/rssh.if b/refpolicy/policy/modules/apps/rssh.if
new file mode 100644
index 0000000..2a84766
--- /dev/null
+++ b/refpolicy/policy/modules/apps/rssh.if
@@ -0,0 +1,143 @@
+## <summary>Restricted (scp/sftp) only shell</summary>
+
+#######################################
+## <summary>
+## The per user domain template for the rssh module.
+## </summary>
+## <desc>
+## <p>
+## This template creates a derived domains which are used
+## for rssh client sessions. Derived types are also created
+## for read-only and read-write file access.
+## </p>
+## <p>
+## This template is invoked automatically for each user, and
+## generally does not need to be invoked directly
+## by policy writers.
+## </p>
+## </desc>
+## <param name="userdomain_prefix">
+## <summary>
+## The prefix of the user domain (e.g., user
+## is the prefix for user_t).
+## </summary>
+## </param>
+#
+template(`rssh_per_userdomain_template',`
+
+ ##############################
+ #
+ # Declarations
+ #
+
+ type $1_rssh_t alias rssh_$1_t, rssh_domain_type;
+ domain_type($1_rssh_t)
+ domain_entry_file($1_rssh_t,rssh_exec_t)
+ domain_user_exemption_target($1_t)
+ domain_interactive_fd($1_rssh_t)
+ role system_r types $1_rssh_t;
+
+ type $1_rssh_devpts_t alias rssh_$1_devpts_t;
+ term_user_pty($1_rssh_t,$1_rssh_devpts_t)
+
+ type $1_rssh_ro_t alias rssh_$1_ro_t, rssh_ro_content_type;
+ userdom_user_home_content($1,$1_rssh_ro_t)
+
+ type $1_rssh_rw_t alias rssh_$1_rw_t;
+ userdom_user_home_content($1,$1_rssh_rw_t)
+
+ ##############################
+ #
+ # Local policy
+ #
+
+ allow $1_rssh_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
+ allow $1_rssh_t self:fd use;
+ allow $1_rssh_t self:fifo_file rw_file_perms;
+ allow $1_rssh_t self:unix_dgram_socket create_socket_perms;
+ allow $1_rssh_t self:unix_stream_socket create_stream_socket_perms;
+ allow $1_rssh_t self:unix_dgram_socket sendto;
+ allow $1_rssh_t self:unix_stream_socket connectto;
+ allow $1_rssh_t self:shm create_shm_perms;
+ allow $1_rssh_t self:sem create_sem_perms;
+ allow $1_rssh_t self:msgq create_msgq_perms;
+ allow $1_rssh_t self:msg { send receive };
+
+ allow $1_rssh_t $1_rssh_devpts_t:chr_file { rw_file_perms setattr };
+ term_create_pty($1_rssh_t,$1_rssh_devpts_t)
+
+ allow $1_rssh_t $1_rssh_ro_t:dir list_dir_perms;
+ allow $1_rssh_t $1_rssh_ro_t:file read_file_perms;
+
+ allow $1_rssh_t $1_rssh_rw_t:dir manage_dir_perms;
+ allow $1_rssh_t $1_rssh_rw_t:file manage_file_perms;
+
+ kernel_read_system_state($1_rssh_t)
+ kernel_read_kernel_sysctls($1_rssh_t)
+
+ files_read_etc_files($1_rssh_t)
+ files_read_etc_runtime_files($1_rssh_t)
+ files_list_home($1_rssh_t)
+ files_read_usr_files($1_rssh_t)
+ files_list_var($1_rssh_t)
+
+ fs_search_auto_mountpoints($1_rssh_t)
+
+ libs_use_ld_so($1_rssh_t)
+ libs_use_shared_libs($1_rssh_t)
+
+ logging_send_syslog_msg($1_rssh_t)
+
+ miscfiles_read_localization($1_rssh_t)
+
+ userdom_use_unpriv_users_fds($1_rssh_t)
+
+ ssh_rw_tcp_sockets($1_rssh_t)
+ ssh_rw_stream_sockets($1_rssh_t)
+
+ optional_policy(`
+ nis_use_ypbind($1_rssh_t)
+ ')
+')
+
+########################################
+## <summary>
+## Transition to all user rssh domains.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`rssh_spec_domtrans_all_users',`
+ gen_require(`
+ attribute rssh_domain_type;
+ type rssh_exec_t;
+ ')
+
+ domain_trans($1,rssh_exec_t,rssh_domain_type)
+ allow rssh_domain_type $1:fd use;
+ allow rssh_domain_type $1:fifo_file rw_file_perms;
+ allow rssh_domain_type $1:process sigchld;
+')
+
+########################################
+## <summary>
+## Read all users rssh read-only content.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`rssh_read_all_users_ro_content',`
+ gen_require(`
+ attribute rssh_ro_content_type;
+ ')
+
+ allow $1 rssh_ro_content_type:dir r_dir_perms;
+ allow $1 rssh_ro_content_type:file r_file_perms;
+ allow $1 rssh_ro_content_type:lnk_file { getattr read };
+')
diff --git a/refpolicy/policy/modules/apps/rssh.te b/refpolicy/policy/modules/apps/rssh.te
new file mode 100644
index 0000000..8419801
--- /dev/null
+++ b/refpolicy/policy/modules/apps/rssh.te
@@ -0,0 +1,13 @@
+
+policy_module(rssh,1.0.0)
+
+########################################
+#
+# Declarations
+#
+
+attribute rssh_domain_type;
+attribute rssh_ro_content_type;
+
+type rssh_exec_t;
+corecmd_executable_file(rssh_exec_t)
diff --git a/refpolicy/policy/modules/services/ssh.if b/refpolicy/policy/modules/services/ssh.if
index 8d7a188..de3e1b7 100644
--- a/refpolicy/policy/modules/services/ssh.if
+++ b/refpolicy/policy/modules/services/ssh.if
@@ -598,6 +598,42 @@ interface(`ssh_read_pipes',`
########################################
## <summary>
+## Read and write ssh server unix domain stream sockets.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`ssh_rw_stream_sockets',`
+ gen_require(`
+ type sshd_t;
+ ')
+
+ allow $1 sshd_t:unix_stream_socket rw_stream_socket_perms;
+')
+
+########################################
+## <summary>
+## Read and write ssh server TCP sockets.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`ssh_rw_tcp_sockets',`
+ gen_require(`
+ type sshd_t;
+ ')
+
+ allow $1 sshd_t:tcp_socket rw_stream_socket_perms;
+')
+
+########################################
+## <summary>
## Do not audit attempts to read and write
## ssh server TCP sockets.
## </summary>
diff --git a/refpolicy/policy/modules/services/ssh.te b/refpolicy/policy/modules/services/ssh.te
index 8254d66..fa32d34 100644
--- a/refpolicy/policy/modules/services/ssh.te
+++ b/refpolicy/policy/modules/services/ssh.te
@@ -70,7 +70,7 @@ ifdef(`targeted_policy',`
# sshd_t is the domain for the sshd program.
#
-ifdef(`targeted_policy',`',`
+ifdef(`strict_policy',`
# so a tunnel can point to another ssh tunnel
allow sshd_t self:tcp_socket { acceptfrom connectto recvfrom };
@@ -120,6 +120,12 @@ ifdef(`targeted_policy',`',`
rpm_use_script_fds(sshd_t)
')
+ optional_policy(`
+ rssh_spec_domtrans_all_users(sshd_t)
+ # For reading /home/user/.ssh
+ rssh_read_all_users_ro_content(sshd_t)
+ ')
+
ifdef(`TODO',`
tunable_policy(`ssh_sysadm_login',`
# Relabel and access ptys created by sshd
@@ -151,7 +157,7 @@ ifdef(`targeted_policy',`',`
# sshd_extern_t is the domain for ssh from outside our network
#
-ifdef(`targeted_policy',`',`
+ifdef(`strict_policy',`
ifdef(`TODO',`
domain_trans(sshd_extern_t, shell_exec_t, user_mini_domain)
# Signal the user domains.
More information about the scm-commits
mailing list