From: bigon@debian.org (Laurent Bigonville) Date: Tue, 27 Nov 2012 20:21:09 +0100 Subject: [refpolicy] [PATCH 1/2 v2] Properly label all the ssh host keys In-Reply-To: <5051FE5C.1090600@redhat.com> References: <5051FE5C.1090600@redhat.com> Message-ID: <1354044069-4995-1-git-send-email-bigon@debian.org> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com From: Laurent Bigonville Be sure that we are labeling properly all ssh host keys even if new algorithms are added in the future. --- policy/modules/services/ssh.fc | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/policy/modules/services/ssh.fc b/policy/modules/services/ssh.fc index 7df96c5..76d9f66 100644 --- a/policy/modules/services/ssh.fc +++ b/policy/modules/services/ssh.fc @@ -1,9 +1,7 @@ HOME_DIR/\.ssh(/.*)? gen_context(system_u:object_r:ssh_home_t,s0) /etc/ssh/primes -- gen_context(system_u:object_r:sshd_key_t,s0) -/etc/ssh/ssh_host_key -- gen_context(system_u:object_r:sshd_key_t,s0) -/etc/ssh/ssh_host_dsa_key -- gen_context(system_u:object_r:sshd_key_t,s0) -/etc/ssh/ssh_host_rsa_key -- gen_context(system_u:object_r:sshd_key_t,s0) +/etc/ssh/ssh_host.*_key -- gen_context(system_u:object_r:sshd_key_t,s0) /usr/bin/ssh -- gen_context(system_u:object_r:ssh_exec_t,s0) /usr/bin/ssh-agent -- gen_context(system_u:object_r:ssh_agent_exec_t,s0) -- 1.7.10.4
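
Review bot: In the added /etc/ssh/ssh_host.*_key entry, ".*" is wider than the three entries it replaces. In a file context regex "." also matches "/", so the pattern covers any regular file whose path starts with /etc/ssh/ssh_host and ends in _key, including files in a subdirectory such as /etc/ssh/ssh_host_backup/old_key. Suggest restricting the wildcard to a single path component, for example /etc/ssh/ssh_host[^/]*_key, which still matches ssh_host_key, ssh_host_dsa_key and ssh_host_rsa_key plus any future algorithm name. File context patterns are matched against the whole path, so the .pub files remain outside the entry either way; it would help to say in the commit message that this is intended and that the plain ssh_host_key name is still covered by the empty match.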