Use domtrans_pattern where possible.

author Dominick Grift <domg472@gmail.com>

Fri, 24 Sep 2010 08:19:19 +0000 (10:19 +0200)

committer Dominick Grift <domg472@gmail.com>

Fri, 24 Sep 2010 10:33:27 +0000 (12:33 +0200)
author Dominick Grift <domg472@gmail.com>
Fri, 24 Sep 2010 08:19:19 +0000 (10:19 +0200)
committer Dominick Grift <domg472@gmail.com>
Fri, 24 Sep 2010 10:33:27 +0000 (12:33 +0200)
diff --git a/policy/modules/services/ssh.te b/policy/modules/services/ssh.te

index 5315f9b5014dd055b49b014133c1d2c8180938cf..c1c739333bac270f55489d53f591803b5f026ae7 100644 (file)
--- a/policy/modules/services/ssh.te
+++ b/policy/modules/services/ssh.te
@@ -180,10 +180,7 @@ userdom_write_user_tmp_files(ssh_t)
  userdom_read_user_home_content_symlinks(ssh_t)
  
  tunable_policy(`allow_ssh_keysign',`
-       domain_auto_trans(ssh_t, ssh_keysign_exec_t, ssh_keysign_t)
-       allow ssh_keysign_t ssh_t:fd use;
-       allow ssh_keysign_t ssh_t:process sigchld;
-       allow ssh_keysign_t ssh_t:fifo_file rw_file_perms;
+       domtrans_pattern(ssh_t, ssh_keysign_exec_t, ssh_keysign_t)
  ')
  
  tunable_policy(`use_nfs_home_dirs',`
author	Dominick Grift <domg472@gmail.com>
	Fri, 24 Sep 2010 08:19:19 +0000 (10:19 +0200)
committer	Dominick Grift <domg472@gmail.com>
	Fri, 24 Sep 2010 10:33:27 +0000 (12:33 +0200)