Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP1:GA
selinux-policy
suse_modifications_ssh.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File suse_modifications_ssh.patch of Package selinux-policy
Index: serefpolicy-20140730/policy/modules/services/ssh.te =================================================================== --- serefpolicy-20140730.orig/policy/modules/services/ssh.te +++ serefpolicy-20140730/policy/modules/services/ssh.te @@ -27,6 +27,16 @@ gen_tunable(ssh_sysadm_login, false) ## </desc> gen_tunable(ssh_chroot_rw_homedirs, false) +## <desc> +## <p> +## Allow sshd to forward port connections. This should work +## out-of-the-box according to 11b328b4cfa484d55db01a0f127cbc94fa776f48 +## but it doesn't +## </p> +## </desc> +## +gen_tunable(sshd_forward_ports, false) + attribute ssh_dyntransition_domain; attribute ssh_server; attribute ssh_agent_type; @@ -291,6 +301,11 @@ corenet_tcp_bind_xserver_port(sshd_t) corenet_tcp_bind_vnc_port(sshd_t) corenet_sendrecv_xserver_server_packets(sshd_t) +tunable_policy(`sshd_forward_ports',` + corenet_tcp_bind_all_unreserved_ports(sshd_t) + corenet_tcp_connect_all_ports(sshd_t) +') + auth_exec_login_program(sshd_t) userdom_read_user_home_content_files(sshd_t) @@ -300,6 +315,9 @@ userdom_spec_domtrans_unpriv_users(sshd_ userdom_signal_unpriv_users(sshd_t) userdom_dyntransition_unpriv_users(sshd_t) +allow sshd_t var_run_t:sock_file write; +files_rw_inherited_generic_pid_files(sshd_t) + tunable_policy(`ssh_sysadm_login',` # Relabel and access ptys created by sshd # ioctl is necessary for logout() processing for utmp entry and for w to
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor