Gentoo Archives: gentoo-commits

From: Sven Vermeulen <swift@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/services/
Date: Sun, 09 Feb 2014 10:54:38
Message-Id: 1391943058.3c2ad3e4b5919b0012847ae45f7197cdc0830e94.swift@gentoo
commit: 3c2ad3e4b5919b0012847ae45f7197cdc0830e94
Author: Laurent Bigonville <bigon <AT> bigon <DOT> be>
AuthorDate: Wed Feb 5 21:23:31 2014 +0000
Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org>
CommitDate: Sun Feb 9 10:50:58 2014 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=3c2ad3e4

Add fcontext for sshd pidfile and directory used for privsep

Also allow sshd_t domain to chroot(2) in this directory as explained in
the README.privsep file in the openssh tarball.

Thanks to Russell Coker for this patch

---
policy/modules/services/ssh.fc | 2 ++
policy/modules/services/ssh.if | 1 +
2 files changed, 3 insertions(+)

20 diff --git a/policy/modules/services/ssh.fc b/policy/modules/services/ssh.fc
21 index 76d9f66..8168244 100644
22 --- a/policy/modules/services/ssh.fc
23 +++ b/policy/modules/services/ssh.fc
24 @@ -13,4 +13,6 @@ HOME_DIR/\.ssh(/.*)? gen_context(system_u:object_r:ssh_home_t,s0)
25
26 /usr/sbin/sshd -- gen_context(system_u:object_r:sshd_exec_t,s0)
27
28 +/var/run/sshd(/.*)? gen_context(system_u:object_r:sshd_var_run_t,s0)
29 /var/run/sshd\.init\.pid -- gen_context(system_u:object_r:sshd_var_run_t,s0)
30 +/var/run/sshd\.pid -- gen_context(system_u:object_r:sshd_var_run_t,s0)
31
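Review bot: the new `/var/run/sshd(/.*)?` entry carries no file-class flag, so it labels the privsep directory itself and anything later created under it as `sshd_var_run_t`, the same type as the two pid-file entries; that is fine for a directory that is meant to stay empty as a chroot target, but it deserves a comment in the .fc file saying so, since a reader can otherwise take it for a typo next to the `--` entries. Note also that the regex needs a leading slash after `sshd` to match contents, so it does not overlap `/var/run/sshd\.pid` or `/var/run/sshd\.init\.pid`, and that systems already installed will only pick up the new directory label after a `restorecon` on `/var/run/sshd`.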
32 diff --git a/policy/modules/services/ssh.if b/policy/modules/services/ssh.if
33 index fe0c682..48eb1c8 100644
34 --- a/policy/modules/services/ssh.if
35 +++ b/policy/modules/services/ssh.if
36 @@ -196,6 +196,7 @@ template(`ssh_server_template', `
37 manage_files_pattern($1_t, $1_tmpfs_t, $1_tmpfs_t)
38 fs_tmpfs_filetrans($1_t, $1_tmpfs_t, file)
39
40 + allow $1_t $1_var_run_t:dir search_dir_perms;
41 allow $1_t $1_var_run_t:file manage_file_perms;
42 files_pid_filetrans($1_t, $1_var_run_t, file)
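Review bot: `search_dir_perms` on `$1_var_run_t` is the minimum chroot(2) into the privsep directory needs and is correctly scoped, but the surrounding template only handles file creation: `files_pid_filetrans($1_t, $1_var_run_t, file)` transitions files, so if the daemon (rather than the package install) ever has to create `/var/run/sshd` itself, the directory would land as the generic pid type instead of `$1_var_run_t` and the chroot would then be denied. Either state in the interface comment that the directory is expected to be created by packaging, or extend the filetrans to cover `dir` as well and add the matching `dir` create permission.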