From: domg472@gmail.com (Dominick Grift) Date: Fri, 9 Jul 2010 16:41:55 +0200 Subject: [refpolicy] [ ssh patch 1/1] Some fixes in the ssh module with regard to userdom_user_home_content and ubac. Message-ID: <20100709144150.GA10383@localhost.localdomain> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com Signed-off-by: Dominick Grift --- :100644 100644 ef3f32d... 1a59f6a... M policy/modules/services/ssh.if :100644 100644 512834a... afbe9ac... M policy/modules/services/ssh.te policy/modules/services/ssh.if | 4 +++- policy/modules/services/ssh.te | 1 - 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/policy/modules/services/ssh.if b/policy/modules/services/ssh.if index ef3f32d..1a59f6a 100644 --- a/policy/modules/services/ssh.if +++ b/policy/modules/services/ssh.if @@ -45,11 +45,13 @@ template(`ssh_basic_client_template',` type $1_ssh_t; application_domain($1_ssh_t, ssh_exec_t) + ubac_constrained($1_ssh_t) + role $3 types $1_ssh_t; type $1_ssh_home_t; - files_type($1_ssh_home_t) typealias $1_ssh_home_t alias $1_home_ssh_t; + userdom_user_home_content($1_ssh_home_t) ############################## # diff --git a/policy/modules/services/ssh.te b/policy/modules/services/ssh.te index 512834a..afbe9ac 100644 --- a/policy/modules/services/ssh.te +++ b/policy/modules/services/ssh.te @@ -74,7 +74,6 @@ ubac_constrained(ssh_tmpfs_t) type ssh_home_t; typealias ssh_home_t alias { home_ssh_t user_ssh_home_t user_home_ssh_t staff_home_ssh_t sysadm_home_ssh_t }; typealias ssh_home_t alias { auditadm_home_ssh_t secadm_home_ssh_t }; -files_type(ssh_home_t) userdom_user_home_content(ssh_home_t) ############################## -- 1.7.1.1 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 198 bytes Desc: not available Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20100709/daa0a627/attachment-0001.bin