From dd8ed0ba141ed9ff76d13fc4fbe75f5add3e1b96 Mon Sep 17 00:00:00 2001 From: bauen1 Date: Mon, 11 May 2020 18:28:05 +0200 Subject: [PATCH] application: applications can be executed from ssh without pty For example ansible uses `ssh localhost sudo id` to become root. This doesn't appear to be necessary in redhat due to https://src.fedoraproject.org/rpms/openssh/blob/master/f/openssh-6.6p1-privsep-selinux.patch Signed-off-by: bauen1 --- policy/modules/system/application.te | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/policy/modules/system/application.te b/policy/modules/system/application.te index c6fdab72d..f85873db0 100644 --- a/policy/modules/system/application.te +++ b/policy/modules/system/application.te @@ -13,6 +13,10 @@ optional_policy(` optional_policy(` ssh_sigchld(application_domain_type) ssh_rw_stream_sockets(application_domain_type) + + ifndef(`distro_redhat', ` + ssh_rw_pipes(application_domain_type) + ') ') optional_policy(`
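Review bot: The added ifndef on distro_redhat inside the ssh optional_policy block carries no in-policy comment explaining why ssh_rw_pipes(application_domain_type) is needed or why Red Hat is excluded; that rationale exists only in the commit message. Suggest a short comment above the ifndef stating that it covers commands run over ssh without a pty (the "ssh localhost sudo id" case) and that the exclusion relies on the Fedora openssh privsep-selinux patch, so a distro_redhat build with an openssh that lacks that patch would still need the rule. The rule is also granted to every type in application_domain_type, so it is worth confirming that this breadth is intended rather than limiting it to the domains actually started this way.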