Skip to content

Commit

Permalink
Issue OwlCyberDefense#86
Browse files Browse the repository at this point in the history 
Add permissions for shutdown_t and sshd_keygen_t
  • Loading branch information
@tomhurd @mpalmi
tomhurd authored and mpalmi committed Apr 23, 2015
1 parent 4220567 commit 9eaf070
Show file tree
Hide file tree
Showing 2 changed files with 6 additions and 5 deletions.
1 change: 1 addition & 0 deletions packages/clip-selinux-policy/clip-selinux-policy/policy/modules/contrib/shutdown.te
View file
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,7 @@ files_pid_filetrans(shutdown_t, shutdown_var_run_t, file)
kernel_read_system_state(shutdown_t)

domain_use_interactive_fds(shutdown_t)
domain_sigstop_all_domains(shutdown_t)

files_delete_boot_flag(shutdown_t)
files_read_generic_pids(shutdown_t)
Expand Down
10 changes: 5 additions & 5 deletions packages/clip-selinux-policy/clip-selinux-policy/policy/modules/services/ssh.te
View file
Original file line number Diff line number Diff line change
Expand Up @@ -374,9 +374,9 @@ optional_policy(`

allow sshd_keygen_t self:capability { chown fsetid };

#corecmd_exec_bin(sshd_keygen_t)
#files_read_etc_files(sshd_keygen_t)
#miscfiles_read_localization(sshd_keygen_t)
#kernel_read_system_state(sshd_keygen_t)
corecmd_exec_bin(sshd_keygen_t)
files_read_etc_files(sshd_keygen_t)
miscfiles_read_localization(sshd_keygen_t)
kernel_read_system_state(sshd_keygen_t)

#ssh_domtrans_keygen(sshd_keygen_t)
ssh_domtrans_keygen(sshd_keygen_t)

0 comments on commit 9eaf070

Please sign in to comment.