[selinux-policy: 412/3172] move ssh tunables into global_tunables

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 19:40:23 UTC 2010


commit 45239964e5f2a3f12c201062d1ae40471ce5ba0f
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Thu Jun 23 19:57:15 2005 +0000

    move ssh tunables into global_tunables

 refpolicy/policy/global_tunables         |    6 ++++++
 refpolicy/policy/modules/services/ssh.te |    6 +-----
 2 files changed, 7 insertions(+), 5 deletions(-)
---
diff --git a/refpolicy/policy/global_tunables b/refpolicy/policy/global_tunables
index bfabd20..3571a4a 100644
--- a/refpolicy/policy/global_tunables
+++ b/refpolicy/policy/global_tunables
@@ -40,6 +40,9 @@ gen_tunable(fcron_crond,false)
 ## </tunable>
 gen_tunable(read_default_t,false)
 
+## Allow ssh to run from inetd instead of as a daemon.
+gen_tunable(run_ssh_inetd,false)
+
 ## <tunable name="secure_mode" dftval="false">
 ##	Enabling secure mode disallows programs, such as
 ##	newrole, from transitioning to administrative
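Review bot: The new `run_ssh_inetd` entry is documented with a single `##` line, while the entries around it in this file use the `## <tunable name="…" dftval="false">` … `## </tunable>` block; the `ssh_sysadm_login` entry added in the next hunk has the same problem. If the tunable documentation is generated from those blocks, both new entries would presumably be missing from it. I would write it as `## <tunable name="run_ssh_inetd" dftval="false">`, `##	Allow ssh to run from inetd instead of as a daemon.`, `## </tunable>`, and do the same for `ssh_sysadm_login`.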
@@ -47,6 +50,9 @@ gen_tunable(read_default_t,false)
 ## </tunable>
 gen_bool(secure_mode,false)
 
+## Allow ssh logins as sysadm_r:sysadm_t
+gen_tunable(ssh_sysadm_login,false)
+
 ## <tunable name="staff_read_sysadm_file" dftval="false">
 ##	Allow staff_r users to search the sysadm home 
 ##	dir and read files (such as ~/.bashrc)
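Review bot: `ssh_sysadm_login` was declared with `bool` in ssh.te and is re-declared here with `gen_tunable`, although `secure_mode` directly above it uses `gen_bool`. How `gen_tunable` expands is not visible in this diff, so it should be confirmed that the setting is still the kind of switch administrators expect, since it gates ssh logins straight into `sysadm_r:sysadm_t`. The same question applies to `run_ssh_inetd` in the previous hunk. The comment could also name the consequence, for example `##	Allow ssh logins directly as sysadm_r:sysadm_t (remote administrative login).`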
diff --git a/refpolicy/policy/modules/services/ssh.te b/refpolicy/policy/modules/services/ssh.te
index 2c6e0de..6ac8926 100644
--- a/refpolicy/policy/modules/services/ssh.te
+++ b/refpolicy/policy/modules/services/ssh.te
@@ -6,11 +6,7 @@ policy_module(ssh,1.0)
 # Declarations
 #
 
-# Allow ssh logins as sysadm_r:sysadm_t
-bool ssh_sysadm_login false;
-
-# Allow ssh to run from inetd instead of as a daemon.
-bool run_ssh_inetd false;
+attribute ssh_server;
 
 # Type for the ssh-agent executable.
 type ssh_agent_exec_t;
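Review bot: The added `attribute ssh_server;` has no comment, unlike the `# Type for the ssh-agent executable.` declaration below it, and the commit message only mentions moving tunables. Nothing in this hunk assigns the attribute to a type, so its purpose cannot be read from here; a line such as `# Attribute for ssh server domains (confirm intended use).` above it would help. The conditional rules that use the two removed booleans lie outside the hunk and should be checked against the new declarations in global_tunables.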

