diff options
Diffstat (limited to 'recipes-security/refpolicy/refpolicy/0045-policy-modules-services-ssh-allow-ssh_keygen_t-to-re.patch')
-rw-r--r-- | recipes-security/refpolicy/refpolicy/0045-policy-modules-services-ssh-allow-ssh_keygen_t-to-re.patch | 34 |
1 files changed, 0 insertions, 34 deletions
diff --git a/recipes-security/refpolicy/refpolicy/0045-policy-modules-services-ssh-allow-ssh_keygen_t-to-re.patch b/recipes-security/refpolicy/refpolicy/0045-policy-modules-services-ssh-allow-ssh_keygen_t-to-re.patch deleted file mode 100644 index 4b7e2b5..0000000 --- a/recipes-security/refpolicy/refpolicy/0045-policy-modules-services-ssh-allow-ssh_keygen_t-to-re.patch +++ /dev/null | |||
@@ -1,34 +0,0 @@ | |||
1 | From be61411d6d7d3bb2c700ec24f42661ce9c728df4 Mon Sep 17 00:00:00 2001 | ||
2 | From: Yi Zhao <yi.zhao@windriver.com> | ||
3 | Date: Fri, 29 Jan 2021 10:32:00 +0800 | ||
4 | Subject: [PATCH] policy/modules/services/ssh: allow ssh_keygen_t to read | ||
5 | proc_t | ||
6 | |||
7 | Fixes: | ||
8 | avc: denied { read } for pid=353 comm="ssh-keygen" name="filesystems" | ||
9 | dev="proc" ino=4026532078 scontext=system_u:system_r:ssh_keygen_t | ||
10 | tcontext=system_u:object_r:proc_t tclass=file permissive=0 | ||
11 | |||
12 | Upstream-Status: Inappropriate [embedded specific] | ||
13 | |||
14 | Signed-off-by: Yi Zhao <yi.zhao@windriver.com> | ||
15 | --- | ||
16 | policy/modules/services/ssh.te | 2 ++ | ||
17 | 1 file changed, 2 insertions(+) | ||
18 | |||
19 | diff --git a/policy/modules/services/ssh.te b/policy/modules/services/ssh.te | ||
20 | index 238c45ed8..2bbf50e84 100644 | ||
21 | --- a/policy/modules/services/ssh.te | ||
22 | +++ b/policy/modules/services/ssh.te | ||
23 | @@ -330,6 +330,8 @@ allow ssh_keygen_t self:process { sigchld sigkill sigstop signull signal }; | ||
24 | |||
25 | allow ssh_keygen_t self:unix_stream_socket create_stream_socket_perms; | ||
26 | |||
27 | +allow ssh_keygen_t proc_t:file read_file_perms; | ||
28 | + | ||
29 | allow ssh_keygen_t sshd_key_t:file manage_file_perms; | ||
30 | files_etc_filetrans(ssh_keygen_t, sshd_key_t, file) | ||
31 | |||
32 | -- | ||
33 | 2.17.1 | ||
34 | |||