From: bigon@debian.org (Laurent Bigonville)
Date: Wed, 12 Sep 2012 21:56:39 +0200
Subject: [refpolicy] [PATCH 1/2] Properly label /etc/ssh/ssh_host_ecdsa_key
	private key
Message-ID: <1347479800-9847-1-git-send-email-bigon@debian.org>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

From: Laurent Bigonville <bigon@bigon.be>

Since version 5.7, openssh supports ECDSA keys; properly label the
private key file.
---
 policy/modules/services/ssh.fc |    1 +
 1 file changed, 1 insertion(+)

diff --git a/policy/modules/services/ssh.fc b/policy/modules/services/ssh.fc
index 078bcd7..64b3e11 100644
--- a/policy/modules/services/ssh.fc
+++ b/policy/modules/services/ssh.fc
@@ -3,6 +3,7 @@ HOME_DIR/\.ssh(/.*)?			gen_context(system_u:object_r:ssh_home_t,s0)
 /etc/ssh/primes			--	gen_context(system_u:object_r:sshd_key_t,s0)
 /etc/ssh/ssh_host_key 		--	gen_context(system_u:object_r:sshd_key_t,s0)
 /etc/ssh/ssh_host_dsa_key	--	gen_context(system_u:object_r:sshd_key_t,s0)
+/etc/ssh/ssh_host_ecdsa_key	--	gen_context(system_u:object_r:sshd_key_t,s0)
 /etc/ssh/ssh_host_rsa_key	--	gen_context(system_u:object_r:sshd_key_t,s0)
 
 /usr/bin/ssh			--	gen_context(system_u:object_r:ssh_exec_t,s0)
-- 
1.7.10.4