From 9eaf0704d267b466085be2c266c3b54d1120e028 Mon Sep 17 00:00:00 2001
From: Thomas Hurd <thurd@tresys.com>
Date: Mon, 20 Apr 2015 10:33:31 -0400
Subject: [PATCH] Issue #86

Add permissions for shutdown_t and sshd_keygen_t
---
 .../policy/modules/contrib/shutdown.te                 |  1 +
 .../clip-selinux-policy/policy/modules/services/ssh.te | 10 +++++-----
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/packages/clip-selinux-policy/clip-selinux-policy/policy/modules/contrib/shutdown.te b/packages/clip-selinux-policy/clip-selinux-policy/policy/modules/contrib/shutdown.te
index e2544e14..16b88e2c 100644
--- a/packages/clip-selinux-policy/clip-selinux-policy/policy/modules/contrib/shutdown.te
+++ b/packages/clip-selinux-policy/clip-selinux-policy/policy/modules/contrib/shutdown.te
@@ -38,6 +38,7 @@ files_pid_filetrans(shutdown_t, shutdown_var_run_t, file)
 kernel_read_system_state(shutdown_t)
 
 domain_use_interactive_fds(shutdown_t)
+domain_sigstop_all_domains(shutdown_t)
 
 files_delete_boot_flag(shutdown_t)
 files_read_generic_pids(shutdown_t)
diff --git a/packages/clip-selinux-policy/clip-selinux-policy/policy/modules/services/ssh.te b/packages/clip-selinux-policy/clip-selinux-policy/policy/modules/services/ssh.te
index 3d3c1407..e6c2e812 100644
--- a/packages/clip-selinux-policy/clip-selinux-policy/policy/modules/services/ssh.te
+++ b/packages/clip-selinux-policy/clip-selinux-policy/policy/modules/services/ssh.te
@@ -374,9 +374,9 @@ optional_policy(`
 
 allow sshd_keygen_t self:capability { chown fsetid };
 
-#corecmd_exec_bin(sshd_keygen_t)
-#files_read_etc_files(sshd_keygen_t)
-#miscfiles_read_localization(sshd_keygen_t)
-#kernel_read_system_state(sshd_keygen_t)
+corecmd_exec_bin(sshd_keygen_t)
+files_read_etc_files(sshd_keygen_t)
+miscfiles_read_localization(sshd_keygen_t)
+kernel_read_system_state(sshd_keygen_t)
 
-#ssh_domtrans_keygen(sshd_keygen_t)
+ssh_domtrans_keygen(sshd_keygen_t)