Remove shell automatic domain transitions to unconfined_t from various pam login programs
I think these may have been adopted from the old Red Hat targeted policy (that model only had unconfined users) Some aspect to note: 1. The ssh_sysadm_login boolean now applies to unconfined_t as well 2. remotelogin only allows unpriv logins The rshd module also calls unconfined_shell_domtrans() but I ignored that one because that policy currently does not have support for manual transitions with pam_selinux. Signed-off-by: Dominick Grift <dac.override@gmail.com>
This commit is contained in:
parent
51c4812c23
commit
210b64f10a
|
@ -91,10 +91,6 @@ optional_policy(`
|
||||||
telnet_use_ptys(remote_login_t)
|
telnet_use_ptys(remote_login_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
|
||||||
unconfined_shell_domtrans(remote_login_t)
|
|
||||||
')
|
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
usermanage_read_crack_db(remote_login_t)
|
usermanage_read_crack_db(remote_login_t)
|
||||||
')
|
')
|
||||||
|
|
|
@ -329,10 +329,6 @@ optional_policy(`
|
||||||
systemd_dbus_chat_logind(sshd_t)
|
systemd_dbus_chat_logind(sshd_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
|
||||||
unconfined_shell_domtrans(sshd_t)
|
|
||||||
')
|
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
xserver_domtrans_xauth(sshd_t)
|
xserver_domtrans_xauth(sshd_t)
|
||||||
xserver_link_xdm_keys(sshd_t)
|
xserver_link_xdm_keys(sshd_t)
|
||||||
|
|
|
@ -204,10 +204,6 @@ optional_policy(`
|
||||||
systemd_write_inherited_logind_sessions_pipes(local_login_t)
|
systemd_write_inherited_logind_sessions_pipes(local_login_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
|
||||||
unconfined_shell_domtrans(local_login_t)
|
|
||||||
')
|
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
usermanage_read_crack_db(local_login_t)
|
usermanage_read_crack_db(local_login_t)
|
||||||
')
|
')
|
||||||
|
|
Loading…
Reference in New Issue