[selinux-policy: 460/3172] add missing ssh file contexts

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 19:44:27 UTC 2010 

commit bb32544d61afc26a5a570cfa005c2b64beb74708
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Wed Jul 6 15:59:54 2005 +0000

    add missing ssh file contexts

 refpolicy/policy/modules/services/ssh.fc        |   16 ++++++++++++++++
 refpolicy/policy/modules/system/corecommands.fc |    9 +++++++++
 2 files changed, 25 insertions(+), 0 deletions(-)
---
diff --git a/refpolicy/policy/modules/services/ssh.fc b/refpolicy/policy/modules/services/ssh.fc
index e69de29..7dde1fd 100644
--- a/refpolicy/policy/modules/services/ssh.fc
+++ b/refpolicy/policy/modules/services/ssh.fc
@@ -0,0 +1,16 @@
+/etc/ssh/primes			--	system_u:object_r:sshd_key_t
+/etc/ssh/ssh_host_key 		--	system_u:object_r:sshd_key_t
+/etc/ssh/ssh_host_dsa_key	--	system_u:object_r:sshd_key_t
+/etc/ssh/ssh_host_rsa_key	--	system_u:object_r:sshd_key_t
+
+/usr/bin/ssh			--	system_u:object_r:ssh_exec_t
+/usr/bin/ssh-agent		--	system_u:object_r:ssh_agent_exec_t
+/usr/bin/ssh-keygen		--	system_u:object_r:ssh_keygen_exec_t
+
+/usr/sbin/sshd			--	system_u:object_r:sshd_exec_t
+
+/var/run/sshd\.init\.pid	--	system_u:object_r:sshd_var_run_t
+
+ifdef(`targeted_policy', `', `
+HOME_DIR/\.ssh(/.*)?			system_u:object_r:ROLE_home_ssh_t
+')
diff --git a/refpolicy/policy/modules/system/corecommands.fc b/refpolicy/policy/modules/system/corecommands.fc
index d1cf6c3..4fe103f 100644
--- a/refpolicy/policy/modules/system/corecommands.fc
+++ b/refpolicy/policy/modules/system/corecommands.fc
@@ -60,14 +60,23 @@ ifdef(`distro_gentoo', `
 
 /usr(/.*)?/sbin(/.*)?		context_template(system_u:object_r:sbin_t,s0)
 
+/usr/lib(64)?/sftp-server --	context_template(system_u:object_r:bin_t,s0)
+
 /usr/lib(64)?/emacsen-common/.*	context_template(system_u:object_r:bin_t,s0)
 
+/usr/lib(64)?/misc/sftp-server	--	context_template(system_u:object_r:bin_t,s0)
+
+ifdef(`distro_suse', `
+/usr/lib(64)?/ssh/.*		--	context_template(system_u:object_r:bin_t,s0)
+')
+
 /usr/lib(64)?/[^/]*thunderbird[^/]*/thunderbird	-- context_template(system_u:object_r:bin_t,s0)
 /usr/lib(64)?/[^/]*thunderbird[^/]*/thunderbird-bin -- context_template(system_u:object_r:bin_t,s0)
 /usr/lib(64)?/[^/]*thunderbird[^/]*/run-mozilla\.sh -- context_template(system_u:object_r:bin_t,s0)
 /usr/lib(64)?/[^/]*thunderbird[^/]*/mozilla-xremote-client -- context_template(system_u:object_r:bin_t,s0)
 
 /usr/libexec(/.*)?		context_template(system_u:object_r:bin_t,s0)
+/usr/libexec/openssh/sftp-server -- context_template(system_u:object_r:bin_t,s0)
 
 /usr/sbin/sesh		--	context_template(system_u:object_r:shell_exec_t,s0)

More information about the scm-commits mailing list