userdom_write_user_tmp_files(ssh_t)
userdom_read_user_home_content_symlinks(ssh_t)
userdom_read_home_certs(ssh_t)
+userdom_home_manager(ssh_t)
tunable_policy(`allow_ssh_keysign',`
domtrans_pattern(ssh_t, ssh_keysign_exec_t, ssh_keysign_t)
')
-tunable_policy(`use_fusefs_home_dirs',`
- fs_manage_fusefs_dirs(ssh_t)
- fs_manage_fusefs_files(ssh_t)
-')
-
-tunable_policy(`use_nfs_home_dirs',`
- fs_manage_nfs_dirs(ssh_t)
- fs_manage_nfs_files(ssh_t)
-')
-
-tunable_policy(`use_samba_home_dirs',`
- fs_manage_cifs_dirs(ssh_t)
- fs_manage_cifs_files(ssh_t)
-')
-
# for port forwarding
tunable_policy(`user_tcp_server',`
corenet_tcp_bind_ssh_port(ssh_t)
ftp_dyntrans_anon_sftpd(sshd_t)
')
-optional_policy(`
- gitosis_manage_lib_files(sshd_t)
-')
-
optional_policy(`
inetd_tcp_service_domain(sshd_t, sshd_exec_t)
')
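Review bot: Nothing in this diff shows that `userdom_home_manager(ssh_t)` keeps the gating of the three blocks it replaces, which were each conditional on a boolean (`use_fusefs_home_dirs`, `use_nfs_home_dirs`, `use_samba_home_dirs`) and limited to dirs and files; the interface's definition is not part of the page, so that needs confirming against it. The same call is added for `chroot_user_t` in the next hunk, where it replaces a read-only NFS grant (`fs_read_nfs_files`, `fs_read_nfs_symlinks`). If the interface confers manage access, as its name suggests, chrooted users would gain write access to network home directories even with `ssh_chroot_rw_homedirs` off, and the new `ssh_chroot_rw_homedirs && use_fusefs_home_dirs` block would be redundant. I would keep the read-only rules for `chroot_user_t` and place any manage rules under `ssh_chroot_rw_homedirs`. Once the gating is confirmed, a comment above the `ssh_t` call would help, such as `# network home dir access (NFS/CIFS/FUSE), conditional on the use_*_home_dirs booleans`.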
fs_manage_cifs_symlinks(chroot_user_t)
')
+tunable_policy(`ssh_chroot_rw_homedirs && use_fusefs_home_dirs',`
+ fs_manage_fusefs_dirs(chroot_user_t)
+ fs_manage_fusefs_files(chroot_user_t)
+ fs_manage_fusefs_symlinks(chroot_user_t)
+')
+
tunable_policy(`use_samba_home_dirs',`
fs_read_cifs_files(chroot_user_t)
fs_read_cifs_symlinks(chroot_user_t)
')
-tunable_policy(`use_nfs_home_dirs',`
- fs_read_nfs_files(chroot_user_t)
- fs_read_nfs_symlinks(chroot_user_t)
-')
+userdom_home_manager(chroot_user_t)
optional_policy(`
ssh_rw_dgram_sockets(chroot_user_t)