From: aranea@aixah.de (Luis Ressel)
Date: Sun, 19 Jul 2015 19:48:28 +0200
Subject: [refpolicy] [PATCH] Allow ssh-agent to send signals to itself
Message-ID: <1437328108-4287-1-git-send-email-aranea@aixah.de>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

This is neccessary for "ssh-agent -k".
---
 policy/modules/services/ssh.if | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/policy/modules/services/ssh.if b/policy/modules/services/ssh.if
index cbd0cdd..3fda887 100644
--- a/policy/modules/services/ssh.if
+++ b/policy/modules/services/ssh.if
@@ -346,7 +346,7 @@ template(`ssh_role_template',`
 	# SSH agent local policy
 	#
 
-	allow $1_ssh_agent_t self:process setrlimit;
+	allow $1_ssh_agent_t self:process { setrlimit signal };
 	allow $1_ssh_agent_t self:capability setgid;
 
 	allow $1_ssh_agent_t { $1_ssh_agent_t $3 }:process signull;
-- 
2.4.5