rssh policy for fedora


 



Hi,

I've ported my rssh policy to the FC2 strict policy; it required some
changes to allow sshd to enter the domain (the "userdomain" attribute),
and to make pty labeling work correctly (can_create_pty and
type_change).  I'm a little unsure about making this domain a
userdomain, since that has a lot of implications.  But I think it
was the constraints that were stopping sshd from entering it.

It probably doesn't make sense to include this in the Fedora policy at
the moment since we don't ship rssh in Fedora, but maybe others here
will find this useful.

Although, come to think of it, this approach would probably be a good
way to restrict cvs+ssh too, which is a fairly common setup.

#
# Macros for Rssh domains
#
# Author: Colin Walters <walters@xxxxxxxxxx>
#

#
# rssh_domain(domain_prefix)
#
# Define a specific rssh domain.
#
# For a given domain_prefix this declares:
#   rssh_<prefix>_t     the process domain
#   rssh_<prefix>_r     the role that may hold that domain
#   rssh_<prefix>_ro_t  file type the domain gets r_dir_file access to
#   rssh_<prefix>_rw_t  file type the domain gets create_dir_file access to
#
# The type declaration for the executable type for this program is
# provided separately in domains/program/rssh.te.
#
# If rssh.te is not part of the policy being built, rssh_domain is
# defined as an empty macro, so callers expand to nothing.
#
undefine(`rssh_domain')
ifdef(`rssh.te', `
define(`rssh_domain',`
# Process domain. The userdomain attribute was added so that sshd can
# enter this domain (the author notes the policy constraints were
# probably what blocked it otherwise).
# NOTE(review): userdomain pulls in every rule written against that
# attribute - audit what it grants before relying on this domain as a
# restriction boundary.
type rssh_$1_t, domain, userdomain, privlog, privfd;
role rssh_$1_r types rssh_$1_t;
# Permit the role change from system_r into the rssh role.
allow system_r rssh_$1_r;

# Per-domain file types: _rw_t is writable by the domain, _ro_t is
# read-only to it (see the r_dir_file / create_dir_file rules below).
type rssh_$1_rw_t, file_type, sysadmfile;
type rssh_$1_ro_t, file_type, sysadmfile;

# Baseline access: shared libraries, base files, and read access to
# var_t directories, etc_t, etc_runtime_t and locale_t.
general_domain_access(rssh_$1_t);
uses_shlib(rssh_$1_t);
base_file_read_access(rssh_$1_t);
allow rssh_$1_t var_t:dir r_dir_perms;
r_dir_file(rssh_$1_t, etc_t);
r_dir_file(rssh_$1_t, etc_runtime_t);
r_dir_file(rssh_$1_t, locale_t);
# NOTE(review): this lets the domain run any bin_t program
# (presumably needed for the scp/sftp helpers rssh launches). Confirm
# that everything labeled bin_t is acceptable for a restricted shell.
can_exec(rssh_$1_t, bin_t);

# Minimal /proc access: look up proc_t directories and read proc_t
# symlinks only.
allow rssh_$1_t proc_t:dir { getattr search };
allow rssh_$1_t proc_t:lnk_file { getattr read };

# Read-only versus read-write split for the files of this domain.
r_dir_file(rssh_$1_t, rssh_$1_ro_t);
create_dir_file(rssh_$1_t, rssh_$1_rw_t);

# Pty support. rssh_$1_devpts_t is used below - presumably declared by
# can_create_pty from the rssh_$1 prefix; verify against the macro.
can_create_pty(rssh_$1, `, userpty_type, user_tty_type')
# Use the type when relabeling pty devices: a server_pty character
# device relabeled for this domain becomes rssh_$1_devpts_t.
type_change rssh_$1_t server_pty:chr_file rssh_$1_devpts_t;

ifdef(`ssh.te',`
# The session arrives over descriptors and sockets owned by sshd_t, so
# the domain must be able to use them.
allow rssh_$1_t sshd_t:fd use;
allow rssh_$1_t sshd_t:tcp_socket rw_stream_socket_perms;
allow rssh_$1_t sshd_t:unix_stream_socket rw_stream_socket_perms;
# For reading /home/user/.ssh
# NOTE(review): this implies the .ssh directory is expected to carry the
# _ro_t type, which would also keep the restricted account from
# rewriting authorized_keys - confirm the labeling on deployed homes.
r_dir_file(sshd_t, rssh_$1_ro_t);
# Allow sshd_t to transition into this domain through rssh_exec_t.
# NOTE(review): domain_trans is used rather than domain_auto_trans, so
# presumably sshd has to select this context itself - verify.
domain_trans(sshd_t, rssh_exec_t, rssh_$1_t);
')
')

', `

define(`rssh_domain',`')

')
#DESC Rssh - Restricted (scp/sftp) only shell
#
# Authors: Colin Walters <walters@xxxxxxxxxx>
# X-Debian-Package: rssh
#

# Type for the rssh executable. rssh_domain (rssh_macros.te) names this
# type as the entry point in its domain_trans rule from sshd_t.
type rssh_exec_t, file_type, sysadmfile, exec_type;

ifdef(`ssh.te',`
# Let sshd_t read the rssh executable. Permission to transition into a
# specific rssh domain is granted per domain by rssh_domain.
allow sshd_t rssh_exec_t:file r_file_perms;
')

# See rssh_macros.te for the rest.
# rssh: label the restricted shell binary with the entry-point type
# that the sshd_t transition rule is keyed on.
# NOTE(review): the path is install-specific; if rssh lives elsewhere
# it will presumably keep a default label and the transition will not
# apply - confirm the label on the installed binary.
/usr/bin/rssh			system_u:object_r:rssh_exec_t

Attachment: signature.asc
Description: This is a digitally signed message part

