2017-06-08 14:16:15

by Christian Göttsche

Subject: [refpolicy] [PATCH] rkhunter: add interfaces for rkhunter module and sysadm permit

From: cgzones <[email protected]>

---
policy/modules/kernel/filesystem.if | 18 ++++++++++++++++++
policy/modules/roles/sysadm.te | 4 ++++
policy/modules/services/ssh.if | 19 +++++++++++++++++++
3 files changed, 41 insertions(+)

diff --git a/policy/modules/kernel/filesystem.if b/policy/modules/kernel/filesystem.if
index 42ab95c09..0067031ac 100644
--- a/policy/modules/kernel/filesystem.if
+++ b/policy/modules/kernel/filesystem.if
@@ -4769,6 +4769,24 @@ interface(`fs_getattr_tracefs',`

########################################
## <summary>
+## Get attributes of dirs on tracefs filesystem.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`fs_getattr_tracefs_dirs',`
+ gen_require(`
+ type tracefs_t;
+ ')
+
+ allow $1 tracefs_t:dir getattr;
+')
+
+########################################
+## <summary>
## search directories on a tracefs filesystem
## </summary>
## <param name="domain">
diff --git a/policy/modules/roles/sysadm.te b/policy/modules/roles/sysadm.te
index 54df43546..2c6e73af8 100644
--- a/policy/modules/roles/sysadm.te
+++ b/policy/modules/roles/sysadm.te
@@ -899,6 +899,10 @@ optional_policy(`
')

optional_policy(`
+ rkhunter_run(sysadm_t, sysadm_r)
+')
+
+optional_policy(`
rngd_admin(sysadm_t, sysadm_r)
')

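Review bot: `rkhunter_run(sysadm_t, sysadm_r)` in the new optional_policy block calls an interface that none of the three files in this patch defines, and the diffstat shows no rkhunter.if or rkhunter.te. Presumably the rkhunter module arrives in a separate patch; if so this hunk should be ordered after it or squashed with it, since building this commit on its own would likely fail on the unexpanded interface rather than be skipped by optional_policy. The placement before `rngd_admin` keeps the alphabetical ordering of the surrounding blocks, which is correct.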
diff --git a/policy/modules/services/ssh.if b/policy/modules/services/ssh.if
index 3eca8306a..22642eb3c 100644
--- a/policy/modules/services/ssh.if
+++ b/policy/modules/services/ssh.if
@@ -601,6 +601,25 @@ interface(`ssh_tcp_connect',`

########################################
## <summary>
+## Execute the ssh daemon in the caller domain.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`ssh_exec_sshd',`
+ gen_require(`
+ type sshd_exec_t;
+ ')
+
+ corecmd_search_bin($1)
+ can_exec($1, sshd_exec_t)
+')
+
+########################################
+## <summary>
## Execute the ssh daemon sshd domain.
## </summary>
## <param name="domain">
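Review bot: The summary of the new `ssh_exec_sshd` interface should state explicitly that sshd is executed without a domain transition, which is what separates it from the interface that follows ("Execute the ssh daemon sshd domain"); a caller of this interface therefore runs sshd with its own privileges and needs whatever access sshd needs for the invoked mode. Proposed wording: `## Execute the ssh daemon in the caller domain (no domain transition).` The `corecmd_search_bin($1)` plus `can_exec($1, sshd_exec_t)` pairing itself looks consistent with the other exec-in-caller interfaces in the file, as far as the hunk shows.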
--
2.11.0