1 |
commit: 023c81f826342c88f21aa5da3d6143365730b319 |
2 |
Author: Dominick Grift <dominick.grift <AT> gmail <DOT> com> |
3 |
AuthorDate: Sat Nov 9 09:45:13 2013 +0000 |
4 |
Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org> |
5 |
CommitDate: Fri Dec 6 17:30:11 2013 +0000 |
6 |
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=023c81f8 |
7 |
|
8 |
sshd/setrans: make respective init scripts create pid dirs with proper contexts |
9 |
|
10 |
Signed-off-by: Dominick Grift <dominick.grift <AT> gmail.com> |
11 |
|
12 |
--- |
13 |
policy/modules/services/ssh.te | 4 ++++ |
14 |
policy/modules/system/setrans.te | 4 ++++ |
15 |
2 files changed, 8 insertions(+) |
16 |
|
17 |
diff --git a/policy/modules/services/ssh.te b/policy/modules/services/ssh.te |
18 |
index cc877c7..d7559d8 100644 |
19 |
--- a/policy/modules/services/ssh.te |
20 |
+++ b/policy/modules/services/ssh.te |
21 |
@@ -33,6 +33,10 @@ corecmd_executable_file(sshd_exec_t) |
22 |
ssh_server_template(sshd) |
23 |
init_daemon_domain(sshd_t, sshd_exec_t) |
24 |
|
25 |
+ifdef(`distro_debian',` |
26 |
+ init_daemon_run_dir(sshd_var_run_t, "sshd") |
27 |
+') |
28 |
+ |
29 |
type sshd_key_t; |
30 |
files_type(sshd_key_t) |
31 |
|
32 |
|
33 |
diff --git a/policy/modules/system/setrans.te b/policy/modules/system/setrans.te |
34 |
index 8e1e27d..83e355c 100644 |
35 |
--- a/policy/modules/system/setrans.te |
36 |
+++ b/policy/modules/system/setrans.te |
37 |
@@ -20,6 +20,10 @@ type setrans_var_run_t; |
38 |
files_pid_file(setrans_var_run_t) |
39 |
mls_trusted_object(setrans_var_run_t) |
40 |
|
41 |
+ifdef(`distro_debian',` |
42 |
+ init_daemon_run_dir(setrans_var_run_t, "setrans") |
43 |
+') |
44 |
+ |
45 |
ifdef(`enable_mcs',` |
46 |
init_ranged_daemon_domain(setrans_t, setrans_exec_t, s0 - mcs_systemhigh) |
47 |
') |