commit: 35e90ad86ba18ed67f37e94ceffe97349c899c68
Author: Luis Ressel <aranea <AT> aixah <DOT> de>
AuthorDate: Sun Jul 19 17:48:28 2015 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sun Aug 2 19:21:29 2015 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=35e90ad8
Allow ssh-agent to send signals to itself
This is necessary for "ssh-agent -k".
policy/modules/services/ssh.if | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/policy/modules/services/ssh.if b/policy/modules/services/ssh.if
index cbd0cdd..3fda887 100644
--- a/policy/modules/services/ssh.if
+++ b/policy/modules/services/ssh.if
@@ -346,7 +346,7 @@ template(`ssh_role_template',`
# SSH agent local policy
#
- allow $1_ssh_agent_t self:process setrlimit;
+ allow $1_ssh_agent_t self:process { setrlimit signal };
allow $1_ssh_agent_t self:capability setgid;
allow $1_ssh_agent_t { $1_ssh_agent_t $3 }:process signull;
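Review bot: The widened rule `allow $1_ssh_agent_t self:process { setrlimit signal };` has no comment in the policy file, so the reason for `signal` is recorded only in the commit message. I would add a line above it such as `# signal: needed by "ssh-agent -k" to terminate the running agent`. Because `self` is matched on type, the rule allows any process in `$1_ssh_agent_t` to send generic signals to any other process of that type, not only to its own PID. That is presumably what a second `ssh-agent -k` invocation relies on, and it stays within the per-role agent domain, but a later reader auditing the rule should be able to see it was intended. The body of `ssh_role_template` starts and ends outside this hunk.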