Label OpenSSH files correctly on Arch Linux

On Arch Linux, OpenSSH installs these binary files in /usr/lib/ssh:

* sftp-server (labeled with ssh_keysign_exec_t type in refpolicy)
* ssh-askpass (symlink to x11-ssh-askpass)
* ssh-keysign
* ssh-pkcs11-helper
* x11-ssh-askpass (from x11-ssh-askpass package)

Label all these files but sftp-server as bin_t.
This commit is contained in:
Nicolas Iooss 2015-12-20 16:28:49 +01:00 committed by Chris PeBenito
parent 59e00c5580
commit 3505a51d76
2 changed files with 3 additions and 1 deletions

View File

@ -234,6 +234,7 @@ ifdef(`distro_gentoo',`
/usr/lib/rpm/rpmq -- gen_context(system_u:object_r:bin_t,s0) /usr/lib/rpm/rpmq -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib/rpm/rpmv -- gen_context(system_u:object_r:bin_t,s0) /usr/lib/rpm/rpmv -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib/sftp-server -- gen_context(system_u:object_r:bin_t,s0) /usr/lib/sftp-server -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib/ssh(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/lib/sudo/sesh -- gen_context(system_u:object_r:shell_exec_t,s0) /usr/lib/sudo/sesh -- gen_context(system_u:object_r:shell_exec_t,s0)
/usr/lib/systemd/system-generators(/.*)? gen_context(system_u:object_r:bin_t,s0) /usr/lib/systemd/system-generators(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/lib/systemd/user-generators(/.*)? gen_context(system_u:object_r:bin_t,s0) /usr/lib/systemd/user-generators(/.*)? gen_context(system_u:object_r:bin_t,s0)

View File

@ -7,7 +7,8 @@ HOME_DIR/\.ssh(/.*)? gen_context(system_u:object_r:ssh_home_t,s0)
/usr/bin/ssh-agent -- gen_context(system_u:object_r:ssh_agent_exec_t,s0) /usr/bin/ssh-agent -- gen_context(system_u:object_r:ssh_agent_exec_t,s0)
/usr/bin/ssh-keygen -- gen_context(system_u:object_r:ssh_keygen_exec_t,s0) /usr/bin/ssh-keygen -- gen_context(system_u:object_r:ssh_keygen_exec_t,s0)
/usr/lib/openssh/ssh-keysign -- gen_context(system_u:object_r:ssh_keysign_exec_t,s0) /usr/lib/openssh/ssh-keysign -- gen_context(system_u:object_r:ssh_keysign_exec_t,s0)
/usr/lib/ssh/ssh-keysign -- gen_context(system_u:object_r:ssh_keysign_exec_t,s0)
/usr/libexec/openssh/ssh-keysign -- gen_context(system_u:object_r:ssh_keysign_exec_t,s0) /usr/libexec/openssh/ssh-keysign -- gen_context(system_u:object_r:ssh_keysign_exec_t,s0)