Add fcontext for sshd pidfile and directory used for privsep

Also allow sshd_t domain to chroot(2) in this directory as explained in
the README.privsep file in the openssh tarball.

Thanks to Russell Coker for this patch
Laurent Bigonville 2014-02-05 22:23:31 +01:00 committed by Chris PeBenito
parent 33b03a653e
commit f2313e5304
2 changed files with 3 additions and 0 deletions


@ -13,4 +13,6 @@ HOME_DIR/\.ssh(/.*)? gen_context(system_u:object_r:ssh_home_t,s0)
/usr/sbin/sshd -- gen_context(system_u:object_r:sshd_exec_t,s0) /usr/sbin/sshd -- gen_context(system_u:object_r:sshd_exec_t,s0)
/var/run/sshd(/.*)? gen_context(system_u:object_r:sshd_var_run_t,s0)
/var/run/sshd\.init\.pid -- gen_context(system_u:object_r:sshd_var_run_t,s0) /var/run/sshd\.init\.pid -- gen_context(system_u:object_r:sshd_var_run_t,s0)
/var/run/sshd\.pid -- gen_context(system_u:object_r:sshd_var_run_t,s0)
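Review bot: The added `/var/run/sshd(/.*)?` entry gives the privsep directory and everything beneath it the same `sshd_var_run_t` type as the pid files, although the commit message describes this directory as the chroot target, and a privsep chroot directory is normally kept empty. If nothing is meant to live under it, a directory-only entry such as `/var/run/sshd -d gen_context(system_u:object_r:sshd_var_run_t,s0)` would state that intent more tightly. Either way, a comment above the entry, e.g. `# privsep chroot directory, see README.privsep in openssh`, would explain why a directory shares the pid-file type. Blank context lines appear to have been dropped from this rendering, so the exact position of the entry within the file is not certain from here.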


@ -196,6 +196,7 @@ template(`ssh_server_template', `
manage_files_pattern($1_t, $1_tmpfs_t, $1_tmpfs_t) manage_files_pattern($1_t, $1_tmpfs_t, $1_tmpfs_t)
fs_tmpfs_filetrans($1_t, $1_tmpfs_t, file) fs_tmpfs_filetrans($1_t, $1_tmpfs_t, file)
allow $1_t $1_var_run_t:dir search_dir_perms;
allow $1_t $1_var_run_t:file manage_file_perms; allow $1_t $1_var_run_t:file manage_file_perms;
files_pid_filetrans($1_t, $1_var_run_t, file) files_pid_filetrans($1_t, $1_var_run_t, file)