trunk: remove incomplete sshd_extern.

Chris PeBenito 2008-09-18 14:06:30 +00:00
parent 64c5b9975b
commit c9824ec5ce


@ -1,5 +1,5 @@
policy_module(ssh, 1.10.0) policy_module(ssh, 1.10.1)
######################################## ########################################
# #
@ -44,8 +44,6 @@ corecmd_executable_file(sshd_exec_t)
ssh_server_template(sshd) ssh_server_template(sshd)
init_daemon_domain(sshd_t, sshd_exec_t) init_daemon_domain(sshd_t, sshd_exec_t)
ssh_server_template(sshd_extern)
type sshd_key_t; type sshd_key_t;
files_type(sshd_key_t) files_type(sshd_key_t)
@ -146,45 +144,6 @@ tunable_policy(`ssh_sysadm_login',`
') ')
') dnl endif TODO ') dnl endif TODO
#################################
#
# sshd_extern local policy
#
# sshd_extern_t is the domain for ssh from outside our network
#
ifdef(`TODO',`
domain_trans(initrc_t, sshd_exec_t, sshd_extern_t)
domain_trans(sshd_extern_t, shell_exec_t, user_mini_domain)
# Signal the user domains.
allow sshd_extern_t user_mini_domain:process signal;
ifdef(`xauth.te', `
domain_trans(sshd_extern_t, xauth_exec_t, user_mini_domain)
')
# Relabel and access ptys created by sshd
# ioctl is necessary for logout() processing for utmp entry and for w to
# display the tty.
# some versions of sshd on the new SE Linux require setattr
allow sshd_extern_t user_mini_domain:chr_file { relabelto read write getattr ioctl setattr };
# inheriting stream sockets is needed for "ssh host command" as no pty
# is allocated
allow user_mini_domain sshd_extern_t:unix_stream_socket rw_stream_socket_perms;
optional_policy(`
domain_trans(inetd_t, sshd_exec_t, sshd_extern_t)
')
ifdef(`direct_sysadm_daemon', `
# Direct execution by sysadm_r.
domain_auto_trans(sysadm_t, sshd_exec_t, sshd_t)
role_transition sysadm_r sshd_exec_t system_r;
')
') dnl endif TODO
######################################## ########################################
# #
# ssh_keygen local policy # ssh_keygen local policy