The kerberos_keytab_template() template is deprecated: Breaks monolithic built (out-of-scope)

This keytab functionality should be re-evaluated because it does not
make sense in its current implementation

Signed-off-by: Dominick Grift <dominick.grift@gmail.com>

policy/modules/services/ssh.te

@@ -74,6 +74,9 @@ typealias ssh_home_t alias { home_ssh_t user_ssh_home_t user_home_ssh_t staff_ho
 typealias ssh_home_t alias { auditadm_home_ssh_t secadm_home_ssh_t };
 userdom_user_home_content(ssh_home_t)
 
+type sshd_keytab_t;
+files_type(sshd_keytab_t)
+
 ##############################
 #
 # SSH client local policy
@@ -224,6 +227,8 @@ optional_policy(`
 allow sshd_t self:netlink_route_socket r_netlink_socket_perms;
 allow sshd_t self:key { search link write };
 
+allow sshd_t sshd_keytab_t:file read_file_perms;
+
 manage_dirs_pattern(sshd_t, sshd_tmp_t, sshd_tmp_t)
 manage_files_pattern(sshd_t, sshd_tmp_t, sshd_tmp_t)
 manage_sock_files_pattern(sshd_t, sshd_tmp_t, sshd_tmp_t)
@@ -261,7 +266,8 @@ optional_policy(`
 ')
 
 optional_policy(`
-	kerberos_keytab_template(sshd, sshd_t)
+	kerberos_read_keytab(sshd_t)
+	kerberos_use(sshd_t)
 ')
 
 optional_policy(`