Allow dhcp to bind to udp ports > 1024 to do named stuff
Allow ssh_t to exec ssh_exec_t
')
optional_policy(`
- mount_exec(devicekit_power_t)
+ mount_domtrans(devicekit_power_t)
')
optional_policy(`
corenet_sendrecv_dhcpd_server_packets(dhcpd_t)
corenet_sendrecv_pxe_server_packets(dhcpd_t)
corenet_sendrecv_all_client_packets(dhcpd_t)
+corenet_dontaudit_udp_bind_all_reserved_ports(dhcpd_t)
+corenet_udp_bind_all_unreserved_ports(dhcpd_t)
dev_read_sysfs(dhcpd_t)
dev_read_rand(dhcpd_t)
allow ssh_t self:msgq create_msgq_perms;
allow ssh_t self:msg { send receive };
allow ssh_t self:tcp_socket create_stream_socket_perms;
+can_exec(ssh_t, ssh_exec_t)
# Read the ssh key file.
allow ssh_t sshd_key_t:file read_file_perms;