2010-02-23 22:14:58

by Daniel Walsh

Subject: [refpolicy] services_ssh.patch

http://people.fedoraproject.org/~dwalsh/SELinux/F13/services_ssh.patch

Handle ssh-copy-id

ssh_home_t should not be per domain.

ssh needs to ask kernel to load modules

Handle tunnels

Allow sshd_t to transition to sftpd_t


2010-03-22 14:52:28

by cpebenito

Subject: [refpolicy] services_ssh.patch

On Tue, 2010-02-23 at 17:14 -0500, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F13/services_ssh.patch
>
> Handle ssh-copy-id
>
> ssh_home_t should not be per domain.

The template you're changing is not used for user home dirs.
ssh_role_template() does not call ssh_basic_client_template().
ssh_basic_client_template() is only called from nx and xen, where it
makes sense to have separate ssh keys.

> ssh needs to ask kernel to load modules
>
> Handle tunnels
>
> Allow sshd_t to transition to sftpd_t
>
>

--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150