From d08a3df046cd628d2e5b8e0897b30aded1a6747f Mon Sep 17 00:00:00 2001
From: Chris PeBenito
Date: Wed, 17 Feb 2010 20:32:08 -0500
Subject: [PATCH] Ssh key creation fix from Gentoo.
---
 policy/modules/services/ssh.if | 3 ++-
 policy/modules/services/ssh.te | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/policy/modules/services/ssh.if b/policy/modules/services/ssh.if
index 7c79b4ad2..141ca93cc 100644
--- a/policy/modules/services/ssh.if
+++ b/policy/modules/services/ssh.if
@@ -183,7 +183,7 @@ template(`ssh_server_template', `
 allow $1_t self:capability { kill sys_chroot sys_resource chown dac_override fowner fsetid setgid setuid sys_tty_config };
 allow $1_t self:fifo_file rw_fifo_file_perms;
- allow $1_t self:process { signal getsched setsched setrlimit setexec };
+ allow $1_t self:process { signal getsched setsched setrlimit setexec setkeycreate };
 allow $1_t self:tcp_socket create_stream_socket_perms;
 allow $1_t self:udp_socket create_socket_perms;
 # ssh agent connections:
@@ -242,6 +242,7 @@ template(`ssh_server_template', `
 miscfiles_read_localization($1_t)
+ userdom_create_all_users_keys($1_t)
 userdom_dontaudit_relabelfrom_user_ptys($1_t)
 userdom_search_user_home_dirs($1_t)
diff --git a/policy/modules/services/ssh.te b/policy/modules/services/ssh.te
index b42ec0113..d44327bd7 100644
--- a/policy/modules/services/ssh.te
+++ b/policy/modules/services/ssh.te
@@ -1,5 +1,5 @@
-policy_module(ssh, 2.1.1)
+policy_module(ssh, 2.1.2)
 ########################################
 #
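Review bot: The new `setkeycreate` permission in the `self:process` rule is granted inside `ssh_server_template`, so every domain built from that template receives it, and neither the rule nor the commit message says which operation needs it. Together with `userdom_create_all_users_keys($1_t)` in the second hunk, it presumably lets the server create the login session's kernel keys under the user's context; that should be confirmed against the denial that prompted the fix. I would add a comment above the interface call, for example `# session keys are created with the login user's label; needs setkeycreate on self:process`, so a later least-privilege audit can tell why an SSH server may create keys for all user domains. The template body starts and ends outside both hunks, so whether any surrounding condition narrows these grants cannot be judged from here.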