Hi,
I've ported my rssh policy to the FC2 strict policy; it required some
changes to allow sshd to enter the domain (the "userdomain" attribute),
and to make pty labeling work correctly (can_create_pty and
type_change). I'm a little unsure about making this domain be a
userdomain, there are a lot of implications from that. But I think it
was the constraints that were stopping sshd from entering it.
It probably doesn't make sense to include this in the Fedora policy at
the moment since we don't ship rssh in Fedora, but maybe others here
will find this useful.
Although, come to think of it, this approach would probably be a good
way to restrict cvs+ssh too, which is a fairly common setup.
Show replies by date