Fix home_ssh_t usage.

2010-01-25 08:34:28 -05:00 · 2010-01-25 08:34:28 -05:00 · edc2f7dea4
commit edc2f7dea4
parent 82b5d290cc
3 changed files with 17 additions and 16 deletions
--- a/policy/modules/services/nx.fc
+++ b/policy/modules/services/nx.fc
@ -1,6 +1,6 @@
 /opt/NX/bin/nxserver		--	gen_context(system_u:object_r:nx_server_exec_t,s0)

-/opt/NX/home/nx/\.ssh(/.*)?		gen_context(system_u:object_r:nx_server_home_ssh_t,s0)
+/opt/NX/home/nx/\.ssh(/.*)?		gen_context(system_u:object_r:nx_server_ssh_home_t,s0)

 /opt/NX/var(/.*)?			gen_context(system_u:object_r:nx_server_var_run_t,s0)

--- a/policy/modules/services/ssh.if
+++ b/policy/modules/services/ssh.if
@ -47,8 +47,9 @@ template(`ssh_basic_client_template',`
 	application_domain($1_ssh_t, ssh_exec_t)
 	role $3 types $1_ssh_t;

-	type $1_home_ssh_t;
-	files_type($1_home_ssh_t)
+	type $1_ssh_home_t;
+	files_type($1_ssh_home_t)
+	typealias $1_ssh_home_t alias $1_home_ssh_t;

 	##############################
 	#
@ -92,18 +93,18 @@ template(`ssh_basic_client_template',`
 	ps_process_pattern($2, $1_ssh_t)

 	# user can manage the keys and config
-	manage_files_pattern($2, $1_home_ssh_t, $1_home_ssh_t)
-	manage_lnk_files_pattern($2, $1_home_ssh_t, $1_home_ssh_t)
-	manage_sock_files_pattern($2, $1_home_ssh_t, $1_home_ssh_t)
+	manage_files_pattern($2, $1_ssh_home_t, $1_ssh_home_t)
+	manage_lnk_files_pattern($2, $1_ssh_home_t, $1_ssh_home_t)
+	manage_sock_files_pattern($2, $1_ssh_home_t, $1_ssh_home_t)

 	# ssh client can manage the keys and config
-	manage_files_pattern($1_ssh_t, $1_home_ssh_t, $1_home_ssh_t)
-	read_lnk_files_pattern($1_ssh_t, $1_home_ssh_t, $1_home_ssh_t)
+	manage_files_pattern($1_ssh_t, $1_ssh_home_t, $1_ssh_home_t)
+	read_lnk_files_pattern($1_ssh_t, $1_ssh_home_t, $1_ssh_home_t)

 	# ssh servers can read the user keys and config
-	allow ssh_server $1_home_ssh_t:dir list_dir_perms;
-	read_files_pattern(ssh_server, $1_home_ssh_t, $1_home_ssh_t)
-	read_lnk_files_pattern(ssh_server, $1_home_ssh_t, $1_home_ssh_t)
+	allow ssh_server $1_ssh_home_t:dir list_dir_perms;
+	read_files_pattern(ssh_server, $1_ssh_home_t, $1_ssh_home_t)
+	read_lnk_files_pattern(ssh_server, $1_ssh_home_t, $1_ssh_home_t)

 	kernel_read_kernel_sysctls($1_ssh_t)
 	kernel_read_system_state($1_ssh_t)
--- a/policy/modules/services/ssh.te
+++ b/policy/modules/services/ssh.te
@ -111,9 +111,9 @@ manage_fifo_files_pattern(ssh_t, ssh_tmpfs_t, ssh_tmpfs_t)
 manage_sock_files_pattern(ssh_t, ssh_tmpfs_t, ssh_tmpfs_t)
 fs_tmpfs_filetrans(ssh_t, ssh_tmpfs_t, { dir file lnk_file sock_file fifo_file })

-manage_dirs_pattern(ssh_t, home_ssh_t, home_ssh_t)
-manage_sock_files_pattern(ssh_t, home_ssh_t, home_ssh_t)
-userdom_user_home_dir_filetrans(ssh_t, home_ssh_t, { dir sock_file })
+manage_dirs_pattern(ssh_t, ssh_home_t, ssh_home_t)
+manage_sock_files_pattern(ssh_t, ssh_home_t, ssh_home_t)
+userdom_user_home_dir_filetrans(ssh_t, ssh_home_t, { dir sock_file })

 # Allow the ssh program to communicate with ssh-agent.
 stream_connect_pattern(ssh_t, ssh_agent_tmp_t, ssh_agent_tmp_t, ssh_agent_type)
@ -121,8 +121,8 @@ stream_connect_pattern(ssh_t, ssh_agent_tmp_t, ssh_agent_tmp_t, ssh_agent_type)
 allow ssh_t sshd_t:unix_stream_socket connectto;

 # ssh client can manage the keys and config
-manage_files_pattern(ssh_t, home_ssh_t, home_ssh_t)
-read_lnk_files_pattern(ssh_t, home_ssh_t, home_ssh_t)
+manage_files_pattern(ssh_t, ssh_home_t, ssh_home_t)
+read_lnk_files_pattern(ssh_t, ssh_home_t, ssh_home_t)

 # ssh servers can read the user keys and config
 allow ssh_server ssh_home_t:dir list_dir_perms;