Vagrantfile: allow unconfined and sysadm SSH login

Since commit 210b64f10a ("Remove shell automatic domain transitions to unconfined_t from various pam login programs"), setting ssh_sysadm_login is mandatory in order to allow vagrant user to use SSH while using unconfined_u or sysadm_u. Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2020-01-12 22:42:20 +01:00 · 2020-01-12 22:42:20 +01:00 · 653b8a223b
parent e192a1e73f
commit 653b8a223b
1 changed files with 3 additions and 0 deletions
--- a/3
+++ b/3
@ -32,6 +32,9 @@ $install_refpolicy = <<-SHELL
  # allow every domain to use /dev/urandom
  semanage boolean --modify --on global_ssp

+  # allow opening SSH sessions as unconfined_u and sysadm_u
+  semanage boolean --modify --on ssh_sysadm_login
+
  # allow systemd-tmpfiles to manage every file
  semanage boolean --modify --on systemd_tmpfiles_manage_all