nnd/selinux-refpolicy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

sshd: label sshd-session as sshd_exec_t

Browse Source 
OpenSSH 9.8 splits out much of the session code from the main sshd
binary into a new sshd-session binary. Allow the sshd server to execute
this binary by labeling it as sshd_exec_t.

Signed-off-by: Kenton Groombridge <concord@gentoo.org>
This commit is contained in:
Kenton Groombridge 2024-07-05 14:47:47 -04:00
parent 6cacc4871a
commit 097d688ff8
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
policy/modules/services/ssh.fc
View File

@ -8,6 +8,7 @@ HOME_DIR/\.ssh(/.*)? gen_context(system_u:object_r:ssh_home_t,s0)
/usr/bin/ssh-keygen -- gen_context(system_u:object_r:ssh_keygen_exec_t,s0)
/usr/bin/sshd -- gen_context(system_u:object_r:sshd_exec_t,s0)
/usr/lib/misc/sshd-session -- gen_context(system_u:object_r:sshd_exec_t,s0)
/usr/lib/openssh/ssh-keysign -- gen_context(system_u:object_r:ssh_keysign_exec_t,s0)
/usr/lib/ssh/ssh-keysign -- gen_context(system_u:object_r:ssh_keysign_exec_t,s0)