[selinux-policy/f15/master] Add ssh_run_keygen() interface

Miroslav Grepl mgrepl at fedoraproject.org
Tue Mar 8 13:51:24 UTC 2011


commit fad9f5c9ba12995dc79fe52acd805ceb712e6ab9
Author: Miroslav Grepl <mgrepl at redhat.com>
Date:   Tue Mar 8 14:51:20 2011 +0000

    Add ssh_run_keygen() interface

 policy-F15.patch |   39 ++++++++++++++++++++++++++++++++++++---
 1 files changed, 36 insertions(+), 3 deletions(-)
---
diff --git a/policy-F15.patch b/policy-F15.patch
index daa57e6..96ddb3f 100644
--- a/policy-F15.patch
+++ b/policy-F15.patch
@@ -39242,7 +39242,7 @@ index 078bcd7..2d60774 100644
 +/root/\.ssh(/.*)?			gen_context(system_u:object_r:ssh_home_t,s0)
 +/root/\.shosts				gen_context(system_u:object_r:ssh_home_t,s0)
 diff --git a/policy/modules/services/ssh.if b/policy/modules/services/ssh.if
-index 22adaca..2cfaf93 100644
+index 22adaca..d9913e0 100644
 --- a/policy/modules/services/ssh.if
 +++ b/policy/modules/services/ssh.if
 @@ -32,10 +32,10 @@
@@ -39508,7 +39508,40 @@ index 22adaca..2cfaf93 100644
  	files_search_pids($1)
  ')
  
-@@ -695,7 +726,7 @@ interface(`ssh_dontaudit_read_server_keys',`
+@@ -680,6 +711,32 @@ interface(`ssh_domtrans_keygen',`
+ 	domtrans_pattern($1, ssh_keygen_exec_t, ssh_keygen_t)
+ ')
+ 
++#######################################
++## <summary>
++##  Execute ssh-keygen in the iptables domain, and
++##  allow the specified role the ssh-keygen domain.
++## </summary>
++## <param name="domain">
++##  <summary>
++##  Domain allowed to transition.
++##  </summary>
++## </param>
++## <param name="role">
++##  <summary>
++##  Role allowed access.
++##  </summary>
++## </param>
++## <rolecap/>
++#
++interface(`ssh_run_keygen',`
++    gen_require(`
++        type ssh_keygen_t;
++    ')
++
++	role $2 types ssh_keygen_t;
++	ssh_domtrans_keygen($1)
++')
++
+ ########################################
+ ## <summary>
+ ##	Read ssh server keys
+@@ -695,7 +752,7 @@ interface(`ssh_dontaudit_read_server_keys',`
  		type sshd_key_t;
  	')
  
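Review bot: The summary of the new `ssh_run_keygen` interface says ssh-keygen is executed "in the iptables domain", but the body calls `ssh_domtrans_keygen($1)` and adds `role $2 types ssh_keygen_t;`, so the domain involved is `ssh_keygen_t`. The wording looks carried over from another interface and should read `##  Execute ssh-keygen in the ssh-keygen domain, and`. This comment is what a policy author reads before authorizing a role for an extra domain, so it should name the domain that is actually granted. As a style point, the `gen_require` block is indented with spaces while the two statements after it use tabs; tabs would match the surrounding context lines of ssh.if.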
@@ -39517,7 +39550,7 @@ index 22adaca..2cfaf93 100644
  ')
  
  ######################################
-@@ -735,3 +766,21 @@ interface(`ssh_delete_tmp',`
+@@ -735,3 +792,21 @@ interface(`ssh_delete_tmp',`
  	files_search_tmp($1)
  	delete_files_pattern($1, sshd_tmp_t, sshd_tmp_t)
  ')

