From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Fri, 15 Jan 2010 15:28:47 -0500
Subject: [refpolicy] services_ssh.patch
In-Reply-To: <4AFC860D.1020606@redhat.com>
References: <4AFC860D.1020606@redhat.com>
Message-ID: <1263587328.2570.39.camel@gorn.columbia.tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Thu, 2009-11-12 at 17:02 -0500, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F12/services_ssh.patch
> 
> Handle /root/.ssh directory
> 
> 
> Lots of other fixes.

Moved tmpfs to server template to go along with the sem usage.

Since the tunnel support apparently needs net_admin capability, it needs
to be put in a conditional.  The capability definitely shouldn't be
allowed in general use.

Dropped home dir changes to the client template.  It shouldn't be using
the user's ssh home dir.

Moved the "Required for FreeNX" /var/lib rules into the NX optional.

Otherwise merged.

-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150