2019-06-20 14:42:59

by Alexander Miroshnichenko

Subject: [PATCH v2 1/2] ssh: Add ssh_exec_keygen interface

Signed-off-by: Alexander Miroshnichenko <[email protected]>
---
policy/modules/services/ssh.if | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)

diff --git a/policy/modules/services/ssh.if b/policy/modules/services/ssh.if
index b5bd2762ef96..0941f133711e 100644
--- a/policy/modules/services/ssh.if
+++ b/policy/modules/services/ssh.if
@@ -701,6 +701,25 @@ interface(`ssh_read_user_home_files',`
userdom_search_user_home_dirs($1)
')

+########################################
+## <summary>
+## Execute the ssh key generator in the caller domain.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed to transition.
+## </summary>
+## </param>
+#
+interface(`ssh_exec_keygen',`
+ gen_require(`
+ type ssh_keygen_exec_t;
+ ')
+
+ corecmd_search_bin($1)
+ can_exec($1, ssh_keygen_exec_t)
+')
+
########################################
## <summary>
## Execute the ssh key generator in the ssh keygen domain.
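
Review bot: the `<param name="domain">` description in the new `ssh_exec_keygen` block reads "Domain allowed to transition.", but the interface body only calls `can_exec($1, ssh_keygen_exec_t)` and its summary says the key generator runs in the caller domain, so no transition is involved. Change the description to "Domain allowed access." so the generated documentation matches what the interface grants.
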
--
2.21.0


2019-06-20 14:47:54

by Dominick Grift

Subject: Re: [PATCH v2 1/2] ssh: Add ssh_exec_keygen interface

On Thu, Jun 20, 2019 at 05:41:37PM +0300, Alexander Miroshnichenko wrote:
> Signed-off-by: Alexander Miroshnichenko <[email protected]>
> ---
> policy/modules/services/ssh.if | 19 +++++++++++++++++++
> 1 file changed, 19 insertions(+)
>
> diff --git a/policy/modules/services/ssh.if b/policy/modules/services/ssh.if
> index b5bd2762ef96..0941f133711e 100644
> --- a/policy/modules/services/ssh.if
> +++ b/policy/modules/services/ssh.if
> @@ -701,6 +701,25 @@ interface(`ssh_read_user_home_files',`
> userdom_search_user_home_dirs($1)
> ')
>
> +########################################
> +## <summary>
> +## Execute the ssh key generator in the caller domain.
> +## </summary>
> +## <param name="domain">
> +## <summary>
> +## Domain allowed to transition.

"Domain allowed access." It's not a transition. I suppose you have a use for this interface?

> +## </summary>
> +## </param>
> +#
> +interface(`ssh_exec_keygen',`
> + gen_require(`
> + type ssh_keygen_exec_t;
> + ')
> +
> + corecmd_search_bin($1)
> + can_exec($1, ssh_keygen_exec_t)
> +')
> +
> ########################################
> ## <summary>
> ## Execute the ssh key generator in the ssh keygen domain.
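
Review bot: `can_exec($1, ssh_keygen_exec_t)` in `ssh_exec_keygen` lets the caller run the key generator in its own domain, and the commit message consists of the Signed-off-by line only, so nothing records which domain needs this instead of the existing interface that executes it in the ssh keygen domain. Add a sentence to the commit message naming the intended caller and why running without a transition is wanted.
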
> --
> 2.21.0
>

--
Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B 6B02
https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02
Dominick Grift

