Gentoo Archives: gentoo-commits

From: Sven Vermeulen <swift@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/services/
Date: Sun, 09 Feb 2014 10:54:45
Message-Id: 1391943063.ee4eba3c01aff37e2c201ce4f998887aa0b211be.swift@gentoo
1 commit: ee4eba3c01aff37e2c201ce4f998887aa0b211be
2 Author: Luis Ressel <aranea <AT> aixah <DOT> de>
3 AuthorDate: Sun Feb 2 12:19:31 2014 +0000
4 Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org>
5 CommitDate: Sun Feb 9 10:51:03 2014 +0000
6 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=ee4eba3c
7
8 Conditionally allow ssh to use gpg-agent
9
10 gpg-agent also offers an ssh-compatible interface. This is useful e.g.
11 for smartcard authentication.
12
13 ---
14 policy/modules/services/ssh.if | 7 +++++++
15 policy/modules/services/ssh.te | 13 +++++++++++++
16 2 files changed, 20 insertions(+)
17
18 diff --git a/policy/modules/services/ssh.if b/policy/modules/services/ssh.if
19 index 48eb1c8..33ad1b4 100644
20 --- a/policy/modules/services/ssh.if
21 +++ b/policy/modules/services/ssh.if
22 @@ -426,6 +426,13 @@ template(`ssh_role_template',`
23 xserver_use_xdm_fds($1_ssh_agent_t)
24 xserver_rw_xdm_pipes($1_ssh_agent_t)
25 ')
26 +
27 + optional_policy(`
28 + tunable_policy(`ssh_use_gpg_agent',`
29 + # for ssh-add
30 + gpg_agent_connect($3)
31 + ')
32 + ')
33 ')
34
35 ########################################
36
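Review bot: `gpg_agent_connect($3)` targets the user domain (`$3` in `ssh_role_template`), not `$1_ssh_agent_t`; that is the right target for the stated purpose, since `ssh-add` runs in the user's domain and talks to whatever socket `SSH_AUTH_SOCK` names, but the `# for ssh-add` comment should say so, e.g. `# ssh-add runs in the user domain and connects to gpg-agent's ssh socket`. Note also that this grants every user domain built from the template access to the gpg-agent socket whenever the boolean is on, whether or not gpg-agent is actually serving as that user's ssh agent, so the `false` default chosen in ssh.te is the appropriate one.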
37 diff --git a/policy/modules/services/ssh.te b/policy/modules/services/ssh.te
38 index 2022f28..65b5be9 100644
39 --- a/policy/modules/services/ssh.te
40 +++ b/policy/modules/services/ssh.te
41 @@ -19,6 +19,13 @@ gen_tunable(allow_ssh_keysign, false)
42 ## </desc>
43 gen_tunable(ssh_sysadm_login, false)
44
45 +## <desc>
46 +## <p>
47 +## Allow ssh to use gpg-agent
48 +## </p>
49 +## </desc>
50 +gen_tunable(ssh_use_gpg_agent, false)
51 +
52 attribute ssh_server;
53 attribute ssh_agent_type;
54
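Review bot: the `<desc>` for `ssh_use_gpg_agent` is too terse to be useful to an administrator reading `semanage boolean -l` or `getsebool`; it should state what the boolean grants, namely that the ssh client domain and user domains created with `ssh_role_template` may connect to gpg-agent's socket so that gpg-agent's ssh-agent emulation can be used (e.g. for smartcard keys, as the commit message says). Suggested wording: `## Allow ssh and ssh-add to connect to gpg-agent so that its ssh-agent emulation can be used (e.g. for smartcard authentication).` Keeping the default at `false` is correct, since enabling it widens what both the user and the ssh client domains may reach.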
55 @@ -202,6 +209,12 @@ optional_policy(`
56 xserver_domtrans_xauth(ssh_t)
57 ')
58
59 +optional_policy(`
60 + tunable_policy(`ssh_use_gpg_agent',`
61 + gpg_agent_connect(ssh_t)
62 + ')
63 +')
64 +
65 ##############################
66 #
67 # ssh_keysign_t local policy
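Review bot: this rule relies on `gpg_agent_connect` being defined in this tree's gpg.if with a single domain argument; the `optional_policy` wrapper only handles the gpg module being absent, not a missing or differently named interface, which would surface as a build failure. Before merging, confirm the interface exists and test in enforcing mode with the boolean set that `ssh` started with `SSH_AUTH_SOCK` pointing at gpg-agent's socket produces no AVC denials for `ssh_t` (e.g. `ausearch -m avc -c ssh`), since the interface may not cover every access the client needs, such as searching the socket's parent directory.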