Allow ssh to do tunneling

author Dan Walsh <dwalsh@redhat.com>

Fri, 2 Sep 2011 13:10:08 +0000 (09:10 -0400)

committer Dan Walsh <dwalsh@redhat.com>

Fri, 2 Sep 2011 13:10:08 +0000 (09:10 -0400)
author Dan Walsh <dwalsh@redhat.com>
Fri, 2 Sep 2011 13:10:08 +0000 (09:10 -0400)
committer Dan Walsh <dwalsh@redhat.com>
Fri, 2 Sep 2011 13:10:08 +0000 (09:10 -0400)
diff --git a/policy/modules/services/ssh.if b/policy/modules/services/ssh.if

index 76e882963d1bc76fa384242e5275fa47908c5417..ba5d941deda9c62558cb8b9000b93a108bd00bcb 100644 (file)
--- a/policy/modules/services/ssh.if
+++ b/policy/modules/services/ssh.if
@@ -185,6 +185,7 @@ template(`ssh_server_template',`
         allow $1_t self:process { signal getcap getsched setsched setrlimit setexec };
         allow $1_t self:tcp_socket create_stream_socket_perms;
         allow $1_t self:udp_socket create_socket_perms;
+       allow $1_t self:tun_socket create_socket_perms;
         # ssh agent connections:
         allow $1_t self:unix_stream_socket create_stream_socket_perms;
         allow $1_t self:shm create_shm_perms;
diff --git a/policy/modules/services/ssh.te b/policy/modules/services/ssh.te

index a85027d5f2336ff17aad79bba5e1ecd3fd436877..be7b7a39041273fb237cda351f55d1ac09ce025f 100644 (file)
--- a/policy/modules/services/ssh.te
+++ b/policy/modules/services/ssh.te
@@ -146,6 +146,7 @@ corenet_tcp_connect_ssh_port(ssh_t)
  corenet_sendrecv_ssh_client_packets(ssh_t)
  corenet_tcp_bind_generic_node(ssh_t)
  corenet_tcp_bind_all_unreserved_ports(ssh_t)
+corenet_rw_tun_tap_dev(ssh_t)
  
  dev_read_rand(ssh_t)
  dev_read_urand(ssh_t)
author	Dan Walsh <dwalsh@redhat.com>
	Fri, 2 Sep 2011 13:10:08 +0000 (09:10 -0400)
committer	Dan Walsh <dwalsh@redhat.com>
	Fri, 2 Sep 2011 13:10:08 +0000 (09:10 -0400)
policy/modules/services/ssh.if		patch \| blob \| blame \| history
policy/modules/services/ssh.te		patch \| blob \| blame \| history