Add ssh_run_keygen to ssh_role_template

diff --git a/policy/modules/roles/sysadm.te b/policy/modules/roles/sysadm.te
index 054eaa84e0a164d760a8078afcbef4ab43aa22a7..d721e34c2a3d1a619874509464871dd06553ac0c 100644 (file)
--- a/policy/modules/roles/sysadm.te
+++ b/policy/modules/roles/sysadm.te
@@ -339,7 +339,6 @@ optional_policy(`
 
 optional_policy(`
        ssh_role_template(sysadm, sysadm_r, sysadm_t)
-       ssh_run_keygen(sysadm_t, sysadm_r)
 ')
 
 optional_policy(`

diff --git a/policy/modules/services/ssh.if b/policy/modules/services/ssh.if
index d9913e09c30a8acdf8665972e30c088abc2e15b6..0f2729b1c0c387bc5d2e16032ec51476a4a6c309 100644 (file)
--- a/policy/modules/services/ssh.if
+++ b/policy/modules/services/ssh.if
@@ -414,6 +414,8 @@ template(`ssh_role_template',`
        userdom_search_user_home_content($1_ssh_agent_t)
        userdom_user_home_domtrans($1_ssh_agent_t, $3)
 
+       ssh_run_keygen($3,$2)
+
        tunable_policy(`use_nfs_home_dirs',`
                fs_manage_nfs_files($1_ssh_agent_t)
 

diff --git a/policy/modules/services/ssh.te b/policy/modules/services/ssh.te
index 503a845742bbbdb5ab0872cfbd65788e84c58491..f37192a9b85ee84fd6f111d1dce0523db1fd30bf 100644 (file)
--- a/policy/modules/services/ssh.te
+++ b/policy/modules/services/ssh.te
@@ -380,6 +380,7 @@ files_etc_filetrans(ssh_keygen_t, sshd_key_t, file)
 manage_dirs_pattern(ssh_keygen_t, ssh_home_t, ssh_home_t)
 manage_files_pattern(ssh_keygen_t, ssh_home_t, ssh_home_t)
 userdom_admin_home_dir_filetrans(ssh_keygen_t, ssh_home_t, dir)
+userdom_user_home_dir_filetrans(ssh_keygen_t, ssh_home_t, dir)
 
 kernel_read_kernel_sysctls(ssh_keygen_t)