From: bigon@debian.org (Laurent Bigonville)
Date: Thu, 6 Feb 2014 12:57:01 +0100
Subject: [refpolicy] [PATCH 1/2] Add fcontext for sshd pidfile and directory used for privsep
In-Reply-To: <1391635412-16253-1-git-send-email-bigon@debian.org>
References: <1391635412-16253-1-git-send-email-bigon@debian.org>
Message-ID: <20140206125701.03228b71@soldur.bigon.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Wed, 5 Feb 2014 22:23:31 +0100, Laurent Bigonville wrote:

[...]
diff --git > a/policy/modules/services/ssh.if b/policy/modules/services/ssh.if > index fe0c682..48eb1c8 100644 --- a/policy/modules/services/ssh.if > +++ b/policy/modules/services/ssh.if @@ -196,6 +196,7 @@ > template(`ssh_server_template', ` manage_files_pattern($1_t, > $1_tmpfs_t, $1_tmpfs_t) fs_tmpfs_filetrans($1_t, $1_tmpfs_t, file) > > + allow $1_t $1_var_run_t:dir search_dir_perms; > allow $1_t $1_var_run_t:file manage_file_perms; > files_pid_filetrans($1_t, $1_var_run_t, file) >

Or maybe this should be conditional for Debian only?
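Review bot: The added `allow $1_t $1_var_run_t:dir search_dir_perms;` line carries no comment saying which directory it is for, and the `files_pid_filetrans($1_t, $1_var_run_t, file)` call below it only transitions the `file` class, so nothing visible in this hunk would ever give a directory the `$1_var_run_t` type. If the directory is the privsep directory named in the subject and gets its label from the new fcontext entry, say so in a one-line comment above the rule. Because the rule sits inside `ssh_server_template`, it is granted to every domain built from the template; if that directory only exists on Debian, wrapping the rule in an `ifdef(`distro_debian', ...)` block keeps the grant scoped to where the labeled directory is actually present. The permission set itself is search-only, so the exposure of leaving it unconditional is small, but the comment is needed either way.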