Fabian Deutsch has uploaded a new change for review. Change subject: semodule: Move sshd_keygen_t to conditional ......................................................................
semodule: Move sshd_keygen_t to conditional Change-Id: I225f45064f414854cc116f20cb54fb24672d02b4 Signed-off-by: Fabian Deutsch <[email protected]> --- M semodule/ovirt.te.in 1 file changed, 3 insertions(+), 6 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-node refs/changes/24/27424/1 diff --git a/semodule/ovirt.te.in b/semodule/ovirt.te.in index 94daef3..feeb875 100644 --- a/semodule/ovirt.te.in +++ b/semodule/ovirt.te.in @@ -345,17 +345,14 @@ #============= sshd_keygen_t ============== optional_policy(` require { + type ssh_keygen_t; type sshd_keygen_t; type tmpfs_t; } allow sshd_keygen_t tmpfs_t:dir { search }; + allow sshd_keygen_t setfiles_t:process { siginh rlimitinh noatsecure }; + allow sshd_keygen_t ssh_keygen_t:process { siginh rlimitinh noatsecure }; ') -require { - type sshd_keygen_t; - type ssh_keygen_t; -} -allow sshd_keygen_t setfiles_t:process { siginh rlimitinh noatsecure }; -allow sshd_keygen_t ssh_keygen_t:process { siginh rlimitinh noatsecure }; #============= mandb_t ============== -- To view, visit http://gerrit.ovirt.org/27424 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I225f45064f414854cc116f20cb54fb24672d02b4 Gerrit-PatchSet: 1 Gerrit-Project: ovirt-node Gerrit-Branch: master Gerrit-Owner: Fabian Deutsch <[email protected]> _______________________________________________ node-patches mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/node-patches
