[refpolicy] [PATCH 1/2] Add fcontext for sshd pidfile and directory used for privsep

Christopher J. PeBenito cpebenito at tresys.com
Mon Jan 27 13:23:02 EST 2014


On 01/25/14 05:43, Laurent Bigonville wrote:
> diff --git a/policy/modules/services/ssh.te b/policy/modules/services/ssh.te
> index 30726f2..a19c9f9 100644
> --- a/policy/modules/services/ssh.te
> +++ b/policy/modules/services/ssh.te
> @@ -34,6 +34,7 @@ ssh_server_template(sshd)
>  init_daemon_domain(sshd_t, sshd_exec_t)
>  
>  ifdef(`distro_debian',`
> +	allow sshd_t sshd_var_run_t:dir { getattr search };
>  	init_daemon_run_dir(sshd_var_run_t, "sshd")
>  ')
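
Review bot: The added allow rule sits inside the ifdef(`distro_debian', ...) block, so only Debian builds grant sshd_t search access to sshd_var_run_t directories; if the privsep directory named in the subject is also labeled sshd_var_run_t on other distributions, the rule needs to live outside the conditional. The rule also has no comment saying which directory it covers, and it lists { getattr search } by hand. Suggest a one-line comment above it naming the run directory, and a refpolicy permission set such as search_dir_perms in place of the literal permission list.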

This looks like it should be in ssh_server_template(). Also, please use the search_dir_perms permission set.

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com

