[refpolicy] [PATCH 1/2] Add fcontext for sshd pidfile and directory used for privsep

Laurent Bigonville bigon at debian.org
Mon Jan 27 17:18:35 EST 2014


On Mon, 27 Jan 2014 13:23:02 -0500,
"Christopher J. PeBenito" <cpebenito at tresys.com> wrote:

> On 01/25/14 05:43, Laurent Bigonville wrote:
> > diff --git a/policy/modules/services/ssh.te
> > b/policy/modules/services/ssh.te index 30726f2..a19c9f9 100644
> > --- a/policy/modules/services/ssh.te
> > +++ b/policy/modules/services/ssh.te
> > @@ -34,6 +34,7 @@ ssh_server_template(sshd)
> >  init_daemon_domain(sshd_t, sshd_exec_t)
> >  
> >  ifdef(`distro_debian',`
> > +	allow sshd_t sshd_var_run_t:dir { getattr search };
> >  	init_daemon_run_dir(sshd_var_run_t, "sshd")
> >  ')
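
Review bot: the added allow rule at the top of the distro_debian block spells out the raw permissions `{ getattr search }` rather than a named permission set, and it is granted to sshd_t alone inside a Debian-only ifdef. Suggest writing it as `allow sshd_t sshd_var_run_t:dir search_dir_perms;` so the rule follows the policy's permission-set convention. If searching this directory is not specific to Debian, the rule belongs outside the ifdef (for example in ssh_server_template(), which the hunk header shows being instantiated for sshd), leaving only init_daemon_run_dir() conditional. A short comment saying which directory this covers (the patch subject mentions the pidfile and the privsep directory) would help later readers judge whether search access is still the minimum needed.
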
> 
> This looks like it should be in ssh_server_template().  Also please
> use search_dir_perms permission set.
> 

Shouldn't the complete ifdef be moved to this then?

