From f5650ab535ffd9536fe948834bee5b0b0eb3149b Mon Sep 17 00:00:00 2001 From: Dan Walsh Date: Mon, 28 Nov 2011 22:06:19 -0500 Subject: [PATCH] Allow sshd_t to getattr on all file systems in order to generate avc on nfs_t --- policy/modules/services/ssh.if | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/policy/modules/services/ssh.if b/policy/modules/services/ssh.if index d6a4b773..e494f5cd 100644 --- a/policy/modules/services/ssh.if +++ b/policy/modules/services/ssh.if @@ -250,7 +250,7 @@ template(`ssh_server_template',` # tunnel feature and -w (net_admin capability also) corenet_rw_tun_tap_dev($1_t) - fs_dontaudit_getattr_all_fs($1_t) + fs_getattr_all_fs($1_t) auth_rw_login_records($1_t) auth_rw_faillog($1_t) -- 2.39.5