trunk: remove incomplete sshd_extern.
parent
64c5b9975b
commit
c9824ec5ce
@ -1,5 +1,5 @@
|
|||||||
|
|
||||||
policy_module(ssh, 1.10.0)
|
policy_module(ssh, 1.10.1)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
@ -44,8 +44,6 @@ corecmd_executable_file(sshd_exec_t)
|
|||||||
ssh_server_template(sshd)
|
ssh_server_template(sshd)
|
||||||
init_daemon_domain(sshd_t, sshd_exec_t)
|
init_daemon_domain(sshd_t, sshd_exec_t)
|
||||||
|
|
||||||
ssh_server_template(sshd_extern)
|
|
||||||
|
|
||||||
type sshd_key_t;
|
type sshd_key_t;
|
||||||
files_type(sshd_key_t)
|
files_type(sshd_key_t)
|
||||||
|
|
||||||
@ -146,45 +144,6 @@ tunable_policy(`ssh_sysadm_login',`
|
|||||||
')
|
')
|
||||||
') dnl endif TODO
|
') dnl endif TODO
|
||||||
|
|
||||||
#################################
|
|
||||||
#
|
|
||||||
# sshd_extern local policy
|
|
||||||
#
|
|
||||||
# sshd_extern_t is the domain for ssh from outside our network
|
|
||||||
#
|
|
||||||
|
|
||||||
ifdef(`TODO',`
|
|
||||||
domain_trans(initrc_t, sshd_exec_t, sshd_extern_t)
|
|
||||||
|
|
||||||
domain_trans(sshd_extern_t, shell_exec_t, user_mini_domain)
|
|
||||||
# Signal the user domains.
|
|
||||||
allow sshd_extern_t user_mini_domain:process signal;
|
|
||||||
|
|
||||||
ifdef(`xauth.te', `
|
|
||||||
domain_trans(sshd_extern_t, xauth_exec_t, user_mini_domain)
|
|
||||||
')
|
|
||||||
|
|
||||||
# Relabel and access ptys created by sshd
|
|
||||||
# ioctl is necessary for logout() processing for utmp entry and for w to
|
|
||||||
# display the tty.
|
|
||||||
# some versions of sshd on the new SE Linux require setattr
|
|
||||||
allow sshd_extern_t user_mini_domain:chr_file { relabelto read write getattr ioctl setattr };
|
|
||||||
|
|
||||||
# inheriting stream sockets is needed for "ssh host command" as no pty
|
|
||||||
# is allocated
|
|
||||||
allow user_mini_domain sshd_extern_t:unix_stream_socket rw_stream_socket_perms;
|
|
||||||
|
|
||||||
optional_policy(`
|
|
||||||
domain_trans(inetd_t, sshd_exec_t, sshd_extern_t)
|
|
||||||
')
|
|
||||||
|
|
||||||
ifdef(`direct_sysadm_daemon', `
|
|
||||||
# Direct execution by sysadm_r.
|
|
||||||
domain_auto_trans(sysadm_t, sshd_exec_t, sshd_t)
|
|
||||||
role_transition sysadm_r sshd_exec_t system_r;
|
|
||||||
')
|
|
||||||
') dnl endif TODO
|
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
# ssh_keygen local policy
|
# ssh_keygen local policy
|
||||||
|