Allow ssh to execute systemctl

author Miroslav Grepl <mgrepl@redhat.com>

Mon, 6 Jun 2011 12:03:46 +0000 (12:03 +0000)

committer Miroslav Grepl <mgrepl@redhat.com>

Mon, 6 Jun 2011 15:25:05 +0000 (15:25 +0000)
author Miroslav Grepl <mgrepl@redhat.com>
Mon, 6 Jun 2011 12:03:46 +0000 (12:03 +0000)
committer Miroslav Grepl <mgrepl@redhat.com>
Mon, 6 Jun 2011 15:25:05 +0000 (15:25 +0000)
diff --git a/policy/modules/services/inetd.te b/policy/modules/services/inetd.te

index de05a6f360e177a5c26d032966e66091f38ca829..5f71f35de3b2e3ebeed4e50c5feed2cc7d5d0666 100644 (file)
--- a/policy/modules/services/inetd.te
+++ b/policy/modules/services/inetd.te
@@ -151,6 +151,8 @@ mls_socket_read_to_clearance(inetd_t)
  mls_socket_write_to_clearance(inetd_t)
  mls_net_outbound_all_levels(inetd_t)
  mls_process_set_level(inetd_t)
+#706086
+mls_net_outbound_all_levels(inetd_t)
  
  sysnet_read_config(inetd_t)
  
diff --git a/policy/modules/services/ssh.te b/policy/modules/services/ssh.te

index c71bdb9b31b42ebe6d7a18e796b9e5377dcb1e9a..fcfc95bd11f24c525dd5ed478a26c5b02d9b262d 100644 (file)
--- a/policy/modules/services/ssh.te
+++ b/policy/modules/services/ssh.te
@@ -328,6 +328,10 @@ optional_policy(`
         rssh_read_ro_content(sshd_t)
  ')
  
+optional_policy(`
+       systemd_exec_systemctl(sshd_t)
+')
+
  optional_policy(`
         usermanage_domtrans_passwd(sshd_t)
         usermanage_read_crack_db(sshd_t)
author	Miroslav Grepl <mgrepl@redhat.com>
	Mon, 6 Jun 2011 12:03:46 +0000 (12:03 +0000)
committer	Miroslav Grepl <mgrepl@redhat.com>
	Mon, 6 Jun 2011 15:25:05 +0000 (15:25 +0000)
policy/modules/services/inetd.te		patch \| blob \| blame \| history
policy/modules/services/ssh.te		patch \| blob \| blame \| history