From d08a3df046cd628d2e5b8e0897b30aded1a6747f Mon Sep 17 00:00:00 2001
From: Chris PeBenito
Date: Feb 18 2010 01:32:08 +0000
Subject: Ssh key creation fix from Gentoo.
---
diff --git a/policy/modules/services/ssh.if b/policy/modules/services/ssh.if
index 7c79b4a..141ca93 100644
--- a/policy/modules/services/ssh.if
+++ b/policy/modules/services/ssh.if
@@ -183,7 +183,7 @@ template(`ssh_server_template', `
 allow $1_t self:capability { kill sys_chroot sys_resource chown dac_override fowner fsetid setgid setuid sys_tty_config };
 allow $1_t self:fifo_file rw_fifo_file_perms;
- allow $1_t self:process { signal getsched setsched setrlimit setexec };
+ allow $1_t self:process { signal getsched setsched setrlimit setexec setkeycreate };
 allow $1_t self:tcp_socket create_stream_socket_perms;
 allow $1_t self:udp_socket create_socket_perms;
 # ssh agent connections:
@@ -242,6 +242,7 @@ template(`ssh_server_template', `
 miscfiles_read_localization($1_t)
+ userdom_create_all_users_keys($1_t)
 userdom_dontaudit_relabelfrom_user_ptys($1_t)
 userdom_search_user_home_dirs($1_t)
diff --git a/policy/modules/services/ssh.te b/policy/modules/services/ssh.te
index b42ec01..d44327b 100644
--- a/policy/modules/services/ssh.te
+++ b/policy/modules/services/ssh.te
@@ -1,5 +1,5 @@
-policy_module(ssh, 2.1.1)
+policy_module(ssh, 2.1.2)
 ########################################
 #
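Review bot: The `setkeycreate` added to the `self:process` rule has no comment explaining why the server domain needs it. The permission lets the process choose the security context of kernel keys it creates, so a reader auditing the template should be told its purpose. It is only useful together with the `userdom_create_all_users_keys($1_t)` call added in the second ssh.if hunk, and nothing ties the two lines together. I would put one comment above the rule, for example `# set the key creation context so session keys carry the user's label`, with the wording confirmed against the Gentoo report, since the reason is inferred from the subject line. The template body starts and ends outside this hunk.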
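Review bot: `userdom_create_all_users_keys($1_t)` sits inside `ssh_server_template`, so every domain instantiated from the template gains key creation in all user domains, along with `setkeycreate` on itself. The instantiations are not visible in this diff. If only the login-handling daemon creates session keys, both grants would be narrower as rules for that one domain in ssh.te rather than in the shared template. If the template is the right place, a short comment such as `# session keyrings are created in the logging-in user's context` would record why the "all users" scope is needed. The template body continues outside the hunk.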