Allow ssh_t to use kernel keyrings
authorDan Walsh <dwalsh@redhat.com>
Wed, 28 Sep 2011 19:17:16 +0000 (15:17 -0400)
committerDan Walsh <dwalsh@redhat.com>
Wed, 28 Sep 2011 19:17:16 +0000 (15:17 -0400)
policy/modules/services/ssh.te

index a6e2e1e0a8f53ab17d391412b2a97394ed0c505b..d81a09fcda119c7c250d65d0d6f393c5e7126dbe 100644 (file)
@@ -105,6 +105,7 @@ allow ssh_t self:capability { setuid setgid dac_override dac_read_search };
 allow ssh_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
 allow ssh_t self:fd use;
 allow ssh_t self:fifo_file rw_fifo_file_perms;
+allow ssh_t self:key read;
 allow ssh_t self:unix_dgram_socket { create_socket_perms sendto };
 allow ssh_t self:unix_stream_socket { create_stream_socket_perms connectto };
 allow ssh_t self:shm create_shm_perms;
@@ -126,6 +127,7 @@ fs_tmpfs_filetrans(ssh_t, ssh_tmpfs_t, { dir file lnk_file sock_file fifo_file }
 manage_dirs_pattern(ssh_t, ssh_home_t, ssh_home_t)
 manage_sock_files_pattern(ssh_t, ssh_home_t, ssh_home_t)
 userdom_user_home_dir_filetrans(ssh_t, ssh_home_t, { dir sock_file })
+userdom_read_all_users_keys(ssh_t)
 userdom_stream_connect(ssh_t)
 userdom_search_admin_dir(sshd_t)
 userdom_admin_home_dir_filetrans(ssh_t, ssh_home_t, { dir sock_file })
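Review bot: `userdom_read_all_users_keys(ssh_t)` gives the ssh client read access to keys labelled with any user domain, going by the interface name, which is wider than the invoking user's own keyring that the commit title points at. Neither this line nor `allow ssh_t self:key read;` in the first hunk has a comment naming the component that needs the access, so a later least-privilege audit cannot tell whether the breadth is intended. I would add a comment above the call, for example `# ssh client reads credentials from the caller's session keyring (confirm against the AVC denial)`, and check whether the denials behind this change were limited to the calling user's domain. Both grants appear to be `read` only, so if the client also has to look keys up inside a keyring, a separate `search` denial would presumably still appear and is worth testing for.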