[selinux-policy: 412/3172] move ssh tunables into global_tunables
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 19:40:23 UTC 2010
commit 45239964e5f2a3f12c201062d1ae40471ce5ba0f
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Thu Jun 23 19:57:15 2005 +0000
move ssh tunables into global_tunables
refpolicy/policy/global_tunables | 6 ++++++
refpolicy/policy/modules/services/ssh.te | 6 +-----
2 files changed, 7 insertions(+), 5 deletions(-)
---
diff --git a/refpolicy/policy/global_tunables b/refpolicy/policy/global_tunables
index bfabd20..3571a4a 100644
--- a/refpolicy/policy/global_tunables
+++ b/refpolicy/policy/global_tunables
@@ -40,6 +40,9 @@ gen_tunable(fcron_crond,false)
## </tunable>
gen_tunable(read_default_t,false)
+## Allow ssh to run from inetd instead of as a daemon.
+gen_tunable(run_ssh_inetd,false)
+
## <tunable name="secure_mode" dftval="false">
## Enabling secure mode disallows programs, such as
## newrole, from transitioning to administrative
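Review bot: The new `run_ssh_inetd` entry is documented with a bare `##` line, while the neighbouring entries visible in this hunk (`secure_mode`, and the closing `## </tunable>` above `read_default_t`) use the structured `<tunable>` block. If documentation is generated from those blocks, this tunable would be missing from it or appear without its default. I would write it as `## <tunable name="run_ssh_inetd" dftval="false">`, `## Allow ssh to run from inetd instead of as a daemon.`, `## </tunable>`. The same applies to `ssh_sysadm_login` in the next hunk.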
@@ -47,6 +50,9 @@ gen_tunable(read_default_t,false)
## </tunable>
gen_bool(secure_mode,false)
+## Allow ssh logins as sysadm_r:sysadm_t
+gen_tunable(ssh_sysadm_login,false)
+
## <tunable name="staff_read_sysadm_file" dftval="false">
## Allow staff_r users to search the sysadm home
## dir and read files (such as ~/.bashrc)
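Review bot: The description of `ssh_sysadm_login` says what the switch does but not why an administrator should hesitate to enable it. When on, a network login lands directly in `sysadm_r:sysadm_t` instead of starting in a less privileged role and transitioning, so a compromised SSH credential yields the administrative domain in one step. Keeping the `false` default is right; I would add a second doc line such as `## Leave disabled unless remote administrative logins are required; when enabled, ssh sessions start directly in the administrative domain.` It may also be worth stating how this interacts with `secure_mode` just above, since both govern how the administrative domain is reached; that relationship is not visible in this hunk.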
diff --git a/refpolicy/policy/modules/services/ssh.te b/refpolicy/policy/modules/services/ssh.te
index 2c6e0de..6ac8926 100644
--- a/refpolicy/policy/modules/services/ssh.te
+++ b/refpolicy/policy/modules/services/ssh.te
@@ -6,11 +6,7 @@ policy_module(ssh,1.0)
# Declarations
#
-# Allow ssh logins as sysadm_r:sysadm_t
-bool ssh_sysadm_login false;
-
-# Allow ssh to run from inetd instead of as a daemon.
-bool run_ssh_inetd false;
+attribute ssh_server;
# Type for the ssh-agent executable.
type ssh_agent_exec_t;
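Review bot: `attribute ssh_server;` is added here without a comment and is not mentioned in the commit message, which only describes moving the two tunables. The declaration below it has a one-line comment, so a matching line such as `# Attribute for ssh server domains.` would help, adjusted to whatever set of types is actually meant to carry it. Separately, the two names change from `bool` declarations to `gen_tunable` in global_tunables. The conditionals that test `ssh_sysadm_login` and `run_ssh_inetd` are further down in ssh.te, outside this hunk, and should be checked to confirm they use the form that matches a tunable, so that the sysadm-login rules cannot end up enabled unconditionally or dropped.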