[selinux-policy/f15/master] Add ssh_run_keygen() interface
Miroslav Grepl
mgrepl at fedoraproject.org
Tue Mar 8 13:51:24 UTC 2011
commit fad9f5c9ba12995dc79fe52acd805ceb712e6ab9
Author: Miroslav Grepl <mgrepl at redhat.com>
Date: Tue Mar 8 14:51:20 2011 +0000
Add ssh_run_keygen() interface
policy-F15.patch | 39 ++++++++++++++++++++++++++++++++++++---
1 files changed, 36 insertions(+), 3 deletions(-)
---
diff --git a/policy-F15.patch b/policy-F15.patch
index daa57e6..96ddb3f 100644
--- a/policy-F15.patch
+++ b/policy-F15.patch
@@ -39242,7 +39242,7 @@ index 078bcd7..2d60774 100644
+/root/\.ssh(/.*)? gen_context(system_u:object_r:ssh_home_t,s0)
+/root/\.shosts gen_context(system_u:object_r:ssh_home_t,s0)
diff --git a/policy/modules/services/ssh.if b/policy/modules/services/ssh.if
-index 22adaca..2cfaf93 100644
+index 22adaca..d9913e0 100644
--- a/policy/modules/services/ssh.if
+++ b/policy/modules/services/ssh.if
@@ -32,10 +32,10 @@
@@ -39508,7 +39508,40 @@ index 22adaca..2cfaf93 100644
files_search_pids($1)
')
-@@ -695,7 +726,7 @@ interface(`ssh_dontaudit_read_server_keys',`
+@@ -680,6 +711,32 @@ interface(`ssh_domtrans_keygen',`
+ domtrans_pattern($1, ssh_keygen_exec_t, ssh_keygen_t)
+ ')
+
++#######################################
++## <summary>
++## Execute ssh-keygen in the iptables domain, and
++## allow the specified role the ssh-keygen domain.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed to transition.
++## </summary>
++## </param>
++## <param name="role">
++## <summary>
++## Role allowed access.
++## </summary>
++## </param>
++## <rolecap/>
++#
++interface(`ssh_run_keygen',`
++ gen_require(`
++ type ssh_keygen_t;
++ ')
++
++ role $2 types ssh_keygen_t;
++ ssh_domtrans_keygen($1)
++')
++
+ ########################################
+ ## <summary>
+ ## Read ssh server keys
+@@ -695,7 +752,7 @@ interface(`ssh_dontaudit_read_server_keys',`
type sshd_key_t;
')
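Review bot: The summary for the new `ssh_run_keygen` interface says ssh-keygen is executed "in the iptables domain", but the body calls `ssh_domtrans_keygen($1)` and authorises `ssh_keygen_t` for role `$2`. The wording looks like a leftover from a copied template. It should read `## Execute ssh-keygen in the ssh-keygen domain, and`, so the text matches the transition that is actually granted. Policy authors rely on these summaries when deciding which roles may enter a domain, so a wrong domain name can mislead a later audit of role-to-type grants. As a minor style point, the banner line above the summary has one `#` fewer than the `########################################` banner on the following interface.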
@@ -39517,7 +39550,7 @@ index 22adaca..2cfaf93 100644
')
######################################
-@@ -735,3 +766,21 @@ interface(`ssh_delete_tmp',`
+@@ -735,3 +792,21 @@ interface(`ssh_delete_tmp',`
files_search_tmp($1)
delete_files_pattern($1, sshd_tmp_t, sshd_tmp_t)
')