From: Dan Walsh Date: Tue, 29 Nov 2011 03:06:19 +0000 (-0500) Subject: Allow sshd_t to getattr on all file systems in order to generate avc on nfs_t X-Git-Tag: 000~69 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=f5650ab535ffd9536fe948834bee5b0b0eb3149b;p=people%2Fstevee%2Fselinux-policy.git Allow sshd_t to getattr on all file systems in order to generate avc on nfs_t --- diff --git a/policy/modules/services/ssh.if b/policy/modules/services/ssh.if index d6a4b773..e494f5cd 100644 --- a/policy/modules/services/ssh.if +++ b/policy/modules/services/ssh.if @@ -250,7 +250,7 @@ template(`ssh_server_template',` # tunnel feature and -w (net_admin capability also) corenet_rw_tun_tap_dev($1_t) - fs_dontaudit_getattr_all_fs($1_t) + fs_getattr_all_fs($1_t) auth_rw_login_records($1_t) auth_rw_faillog($1_t)