rpms/selinux-policy
5
0
Fork 0
Code Issues Pull Requests Releases Activity

Allow users to ptrace and send any kind of signal to their ssh agent instead of only a generic signal.

Browse Source 
Signed-off-by: Dominick Grift <domg472@gmail.com>
This commit is contained in:
Dominick Grift 2010-09-16 09:59:06 +02:00
parent f416df73dd
commit 50e85752ad
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
policy/modules/services/ssh.if
View File

@ -339,7 +339,7 @@ template(`ssh_role_template',`
# allow ps to show ssh # allow ps to show ssh
ps_process_pattern($3, ssh_t) ps_process_pattern($3, ssh_t)
allow $3 ssh_t:process signal; allow $3 ssh_t:process { ptrace signal_perms };
# for rsync # for rsync
allow ssh_t $3:unix_stream_socket rw_socket_perms; allow ssh_t $3:unix_stream_socket rw_socket_perms;
@ -372,7 +372,7 @@ template(`ssh_role_template',`
stream_connect_pattern($3, ssh_agent_tmp_t, ssh_agent_tmp_t, $1_ssh_agent_t) stream_connect_pattern($3, ssh_agent_tmp_t, ssh_agent_tmp_t, $1_ssh_agent_t)
# Allow the user shell to signal the ssh program. # Allow the user shell to signal the ssh program.
allow $3 $1_ssh_agent_t:process signal; allow $3 $1_ssh_agent_t:process { ptrace signal_perms };
# allow ps to show ssh # allow ps to show ssh
ps_process_pattern($3, $1_ssh_agent_t) ps_process_pattern($3, $1_ssh_agent_t)