From: domg472@gmail.com (Dominick Grift)
Date: Mon, 12 Jul 2010 21:32:22 +0200
Subject: [refpolicy] [ ssh patch 1/1] Some fixes in the ssh module with regard to userdom_user_home_content and ubac.
In-Reply-To: <4C3B5BA0.2040904@tresys.com>
References: <20100709144150.GA10383@localhost.localdomain> <4C3B5BA0.2040904@tresys.com>
Message-ID: <4C3B6DC6.4070605@gmail.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 07/12/2010 08:14 PM, Christopher J. PeBenito wrote:
> On 07/09/10 10:41, Dominick Grift wrote:
>> Signed-off-by: Dominick Grift >> --- >> :100644 100644 ef3f32d... 1a59f6a... M policy/modules/services/ssh.if >> :100644 100644 512834a... afbe9ac... M policy/modules/services/ssh.te >> policy/modules/services/ssh.if | 4 +++- >> policy/modules/services/ssh.te | 1 - >> 2 files changed, 3 insertions(+), 2 deletions(-) >> >> diff --git a/policy/modules/services/ssh.if >> b/policy/modules/services/ssh.if >> index ef3f32d..1a59f6a 100644 >> --- a/policy/modules/services/ssh.if >> +++ b/policy/modules/services/ssh.if
>> @@ -45,11 +45,13 @@ template(`ssh_basic_client_template',` >> >> type $1_ssh_t; >> application_domain($1_ssh_t, ssh_exec_t) >> + ubac_constrained($1_ssh_t) >> + >> role $3 types $1_ssh_t; >> >> type $1_ssh_home_t; >> - files_type($1_ssh_home_t) >> typealias $1_ssh_home_t alias $1_home_ssh_t; >> + userdom_user_home_content($1_ssh_home_t) >> >> ############################## >> #
>
> I don't think we actually want this change. The template isn't meant to
> be used by users; they use ssh_t.
>

Is this not a template for an ssh client application? Is that not a user agent? Should user agents not be ubac_constrained? Is $1_ssh_home_t not userdom_user_home_content, however you look at it?

>> ##############################
>
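
Review bot: In the ssh.if hunk, the new userdom_user_home_content($1_ssh_home_t) call is placed after the typealias line, while the files_type($1_ssh_home_t) call it replaces sat directly under the type $1_ssh_home_t declaration; putting the replacement in the same position would keep each type declaration next to the call that classifies it, as is done for $1_ssh_t and ubac_constrained($1_ssh_t) a few lines above. Both additions take effect for every instantiation of ssh_basic_client_template, and the commit message carries only a Signed-off-by, so it should state which callers of the template are expected to get a UBAC-constrained $1_ssh_t domain and user home content for $1_ssh_home_t; that is the point the reply disputes. The diffstat also lists a one-line deletion in ssh.te that is not included in the quoted text, so it cannot be checked against these additions here.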