ssh: Debian sshd is configured to use capabilities
Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
This commit is contained in:
parent
cf905e8ef1
commit
fc8bbe630a
|
@ -245,6 +245,10 @@ term_relabelto_all_ptys(sshd_t)
|
||||||
corenet_tcp_bind_xserver_port(sshd_t)
|
corenet_tcp_bind_xserver_port(sshd_t)
|
||||||
corenet_sendrecv_xserver_server_packets(sshd_t)
|
corenet_sendrecv_xserver_server_packets(sshd_t)
|
||||||
|
|
||||||
|
ifdef(`distro_debian',`
|
||||||
|
allow sshd_t self:process { getcap setcap };
|
||||||
|
')
|
||||||
|
|
||||||
tunable_policy(`ssh_sysadm_login',`
|
tunable_policy(`ssh_sysadm_login',`
|
||||||
# Relabel and access ptys created by sshd
|
# Relabel and access ptys created by sshd
|
||||||
# ioctl is necessary for logout() processing for utmp entry and for w to
|
# ioctl is necessary for logout() processing for utmp entry and for w to
|
||||||
|
|
Loading…
Reference in New Issue