trunk: remove incomplete sshd_extern.

policy/modules/services/ssh.te

@@ -1,5 +1,5 @@
 
-policy_module(ssh, 1.10.0)
+policy_module(ssh, 1.10.1)
 
 ########################################
 #
@@ -44,8 +44,6 @@ corecmd_executable_file(sshd_exec_t)
 ssh_server_template(sshd)
 init_daemon_domain(sshd_t, sshd_exec_t)
 
-ssh_server_template(sshd_extern)
-
 type sshd_key_t;
 files_type(sshd_key_t)
 
@@ -146,45 +144,6 @@ tunable_policy(`ssh_sysadm_login',`
 ')
 ') dnl endif TODO
 
-#################################
-#
-# sshd_extern local policy
-#
-# sshd_extern_t is the domain for ssh from outside our network
-#
-
-ifdef(`TODO',`
-domain_trans(initrc_t, sshd_exec_t, sshd_extern_t)
-
-domain_trans(sshd_extern_t, shell_exec_t, user_mini_domain)
-# Signal the user domains.
-allow sshd_extern_t user_mini_domain:process signal;
-
-ifdef(`xauth.te', `
-domain_trans(sshd_extern_t, xauth_exec_t, user_mini_domain)
-')
-
-# Relabel and access ptys created by sshd
-# ioctl is necessary for logout() processing for utmp entry and for w to
-# display the tty.
-# some versions of sshd on the new SE Linux require setattr
-allow sshd_extern_t user_mini_domain:chr_file { relabelto read write getattr ioctl setattr };
-
-# inheriting stream sockets is needed for "ssh host command" as no pty
-# is allocated
-allow user_mini_domain sshd_extern_t:unix_stream_socket rw_stream_socket_perms;
-
-optional_policy(`
-	domain_trans(inetd_t, sshd_exec_t, sshd_extern_t)
-')
-
-ifdef(`direct_sysadm_daemon', `
-# Direct execution by sysadm_r.
-domain_auto_trans(sysadm_t, sshd_exec_t, sshd_t)
-role_transition sysadm_r sshd_exec_t system_r;
-')
-') dnl endif TODO
-
 ########################################
 #
 # ssh_keygen local policy