Allow ssh_t to use kernel keyrings

author Dan Walsh <dwalsh@redhat.com>

Wed, 28 Sep 2011 19:18:18 +0000 (15:18 -0400)

committer Dan Walsh <dwalsh@redhat.com>

Wed, 28 Sep 2011 19:18:18 +0000 (15:18 -0400)
author Dan Walsh <dwalsh@redhat.com>
Wed, 28 Sep 2011 19:18:18 +0000 (15:18 -0400)
committer Dan Walsh <dwalsh@redhat.com>
Wed, 28 Sep 2011 19:18:18 +0000 (15:18 -0400)
diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if

index e548ede920debd21a9d42a18996ee37cfbd5bfec..e7a65aead42b59e85e3eeebf8cfd4626f73e2430 100644 (file)
--- a/policy/modules/system/userdomain.if
+++ b/policy/modules/system/userdomain.if
@@ -3813,6 +3813,24 @@ interface(`userdom_sigchld_all_users',`
         allow $1 userdomain:process sigchld;
  ')
  
+########################################
+## <summary>
+##     Read keys for all user domains.
+## </summary>
+## <param name="domain">
+##     <summary>
+##     Domain allowed access.
+##     </summary>
+## </param>
+#
+interface(`userdom_read_all_users_keys',`
+       gen_require(`
+               attribute userdomain;
+       ')
+
+       allow $1 userdomain:key read;
+')
+
  ########################################
  ## <summary>
  ##     Create keys for all user domains.
author	Dan Walsh <dwalsh@redhat.com>
	Wed, 28 Sep 2011 19:18:18 +0000 (15:18 -0400)
committer	Dan Walsh <dwalsh@redhat.com>
	Wed, 28 Sep 2011 19:18:18 +0000 (15:18 -0400)