From: cpebenito@tresys.com (Christopher J. PeBenito) Date: Mon, 20 Jul 2015 12:12:29 -0400 Subject: [refpolicy] [PATCH] Allow ssh-agent to send signals to itself In-Reply-To: <1437328108-4287-1-git-send-email-aranea@aixah.de> References: <1437328108-4287-1-git-send-email-aranea@aixah.de> Message-ID: <55AD1DED.10403@tresys.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 7/19/2015 1:48 PM, Luis Ressel wrote: > This is necessary for "ssh-agent -k". > --- > policy/modules/services/ssh.if | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/policy/modules/services/ssh.if b/policy/modules/services/ssh.if > index cbd0cdd..3fda887 100644 > --- a/policy/modules/services/ssh.if > +++ b/policy/modules/services/ssh.if > @@ -346,7 +346,7 @@ template(`ssh_role_template',` > # SSH agent local policy > # > > - allow $1_ssh_agent_t self:process setrlimit; > + allow $1_ssh_agent_t self:process { setrlimit signal }; > allow $1_ssh_agent_t self:capability setgid; > > allow $1_ssh_agent_t { $1_ssh_agent_t $3 }:process signull; Merged. -- Chris PeBenito Tresys Technology, LLC www.tresys.com | oss.tresys.com
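Review bot: the new `signal` permission on the `allow $1_ssh_agent_t self:process { setrlimit signal };` line is justified in the commit message only by the mention of "ssh-agent -k", with no denial quoted and no indication of which signal is sent. Because the rule lives inside `ssh_role_template`, every role that instantiates the template picks it up, so it would help to record the AVC denial in the commit message or in a short comment under "SSH agent local policy" so the grant can be audited later. The target is limited to `self`, which matches the subject line, and the neighbouring `{ $1_ssh_agent_t $3 }:process signull` rule is unchanged, so nothing beyond `signull` is granted toward `$3`.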