RepoMirrors
/
selinux-refpolicy
mirror of https://github.com/SELinuxProject/refpolicy
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'ssh_dac_read_search' of git://github.com/fishilico/selinux-refpolicy

This commit is contained in:
Chris PeBenito 2019-01-06 14:06:47 -05:00
parent 38839b3e6c 3734d7e76c
commit 559d4b830a
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
policy/modules/services/ssh.if
View File

@ -181,7 +181,7 @@ template(`ssh_server_template', `
type $1_var_run_t; type $1_var_run_t;
files_pid_file($1_var_run_t) files_pid_file($1_var_run_t)
allow $1_t self:capability { chown dac_override fowner fsetid kill setgid setuid sys_chroot sys_nice sys_resource sys_tty_config }; allow $1_t self:capability { chown dac_read_search fowner fsetid kill setgid setuid sys_chroot sys_nice sys_resource sys_tty_config };
# net_admin is for SO_SNDBUFFORCE # net_admin is for SO_SNDBUFFORCE
dontaudit $1_t self:capability net_admin; dontaudit $1_t self:capability net_admin;
allow $1_t self:fifo_file rw_fifo_file_perms; allow $1_t self:fifo_file rw_fifo_file_perms;