Label OpenSSH files correctly on Arch Linux
On Arch Linux, OpenSSH installs these binary files in /usr/lib/ssh: * sftp-server (labeled with ssh_keysign_exec_t type in refpolicy) * ssh-askpass (symlink to x11-ssh-askpass) * ssh-keysign * ssh-pkcs11-helper * x11-ssh-askpass (from x11-ssh-askpass package) Label all these files but sftp-server as bin_t.
This commit is contained in:
parent
59e00c5580
commit
3505a51d76
@ -234,6 +234,7 @@ ifdef(`distro_gentoo',`
|
||||
/usr/lib/rpm/rpmq -- gen_context(system_u:object_r:bin_t,s0)
|
||||
/usr/lib/rpm/rpmv -- gen_context(system_u:object_r:bin_t,s0)
|
||||
/usr/lib/sftp-server -- gen_context(system_u:object_r:bin_t,s0)
|
||||
/usr/lib/ssh(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||
/usr/lib/sudo/sesh -- gen_context(system_u:object_r:shell_exec_t,s0)
|
||||
/usr/lib/systemd/system-generators(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||
/usr/lib/systemd/user-generators(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||
|
@ -7,7 +7,8 @@ HOME_DIR/\.ssh(/.*)? gen_context(system_u:object_r:ssh_home_t,s0)
|
||||
/usr/bin/ssh-agent -- gen_context(system_u:object_r:ssh_agent_exec_t,s0)
|
||||
/usr/bin/ssh-keygen -- gen_context(system_u:object_r:ssh_keygen_exec_t,s0)
|
||||
|
||||
/usr/lib/openssh/ssh-keysign -- gen_context(system_u:object_r:ssh_keysign_exec_t,s0)
|
||||
/usr/lib/openssh/ssh-keysign -- gen_context(system_u:object_r:ssh_keysign_exec_t,s0)
|
||||
/usr/lib/ssh/ssh-keysign -- gen_context(system_u:object_r:ssh_keysign_exec_t,s0)
|
||||
|
||||
/usr/libexec/openssh/ssh-keysign -- gen_context(system_u:object_r:ssh_keysign_exec_t,s0)
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user