From: cpebenito@tresys.com (Christopher J. PeBenito) Date: Mon, 12 Jul 2010 14:14:56 -0400 Subject: [refpolicy] [ ssh patch 1/1] Some fixes in the ssh module with regard to userdom_user_home_content and ubac. In-Reply-To: <20100709144150.GA10383@localhost.localdomain> References: <20100709144150.GA10383@localhost.localdomain> Message-ID: <4C3B5BA0.2040904@tresys.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 07/09/10 10:41, Dominick Grift wrote: > Signed-off-by: Dominick Grift > --- > :100644 100644 ef3f32d... 1a59f6a... M policy/modules/services/ssh.if > :100644 100644 512834a... afbe9ac... M policy/modules/services/ssh.te > policy/modules/services/ssh.if | 4 +++- > policy/modules/services/ssh.te | 1 - > 2 files changed, 3 insertions(+), 2 deletions(-) > > diff --git a/policy/modules/services/ssh.if b/policy/modules/services/ssh.if > index ef3f32d..1a59f6a 100644 > --- a/policy/modules/services/ssh.if > +++ b/policy/modules/services/ssh.if > @@ -45,11 +45,13 @@ template(`ssh_basic_client_template',` > > type $1_ssh_t; > application_domain($1_ssh_t, ssh_exec_t) > + ubac_constrained($1_ssh_t) > + > role $3 types $1_ssh_t; > > type $1_ssh_home_t; > - files_type($1_ssh_home_t) > typealias $1_ssh_home_t alias $1_home_ssh_t; > + userdom_user_home_content($1_ssh_home_t) > > ############################## > # I don't think we actually want this change. The template isn't meant to be used by users; they use ssh_t. > diff --git a/policy/modules/services/ssh.te b/policy/modules/services/ssh.te > index 512834a..afbe9ac 100644 > --- a/policy/modules/services/ssh.te > +++ b/policy/modules/services/ssh.te 
> @@ -74,7 +74,6 @@ ubac_constrained(ssh_tmpfs_t) > type ssh_home_t; > typealias ssh_home_t alias { home_ssh_t user_ssh_home_t user_home_ssh_t staff_home_ssh_t sysadm_home_ssh_t }; > typealias ssh_home_t alias { auditadm_home_ssh_t secadm_home_ssh_t }; > -files_type(ssh_home_t) > userdom_user_home_content(ssh_home_t) > > ############################## -- Chris PeBenito Tresys Technology, LLC www.tresys.com | oss.tresys.com
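Review bot: In the ssh.if hunk, the added ubac_constrained($1_ssh_t) sits inside ssh_basic_client_template, so it applies to every domain a caller instantiates through the template, and the commit message has no body saying which callers need it. Please state in the message which users of the template require the UBAC constraint. The same goes for replacing files_type($1_ssh_home_t) with userdom_user_home_content($1_ssh_home_t) a few lines further down in the same hunk.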
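Review bot: In the ssh.te hunk at line 74, dropping files_type(ssh_home_t) leaves policy unchanged only if userdom_user_home_content(ssh_home_t), kept on the following line, already declares the type as a file type, and nothing in the message says so. Add a sentence to the commit message stating that the remaining call covers the removed one, so the deletion is not read as a behaviour change.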