From d8071a8e1b4faa6c729f309745456cb9dc5072e8 Mon Sep 17 00:00:00 2001 From: Luis Ressel Date: Sun, 19 Jul 2015 19:48:28 +0200 Subject: [PATCH] Allow ssh-agent to send signals to itself This is neccessary for "ssh-agent -k". --- policy/modules/services/ssh.if | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/policy/modules/services/ssh.if b/policy/modules/services/ssh.if index cbd0cdd26..3fda88720 100644 --- a/policy/modules/services/ssh.if +++ b/policy/modules/services/ssh.if @@ -346,7 +346,7 @@ template(`ssh_role_template',` # SSH agent local policy # - allow $1_ssh_agent_t self:process setrlimit; + allow $1_ssh_agent_t self:process { setrlimit signal }; allow $1_ssh_agent_t self:capability setgid; allow $1_ssh_agent_t { $1_ssh_agent_t $3 }:process signull;