Create interface ssh_search_dir to allow ssh_server search for keys in non-standard location. Signed-off-by: Alexander Miroshnichenko <alex@xxxxxxxxxxxxxx> --- policy/modules/services/ssh.if | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/policy/modules/services/ssh.if b/policy/modules/services/ssh.if index b5bd2762ef96..7eb1cee2ef76 100644 --- a/policy/modules/services/ssh.if +++ b/policy/modules/services/ssh.if @@ -680,6 +680,24 @@ interface(`ssh_agent_exec',` can_exec($1, ssh_agent_exec_t) ') +######################################## +## <summary> +## Search for keys in non-standard location +## </summary> +## <param name="domain"> +## <summary> +## Domain allowed access. +## </summary> +## </param> +# +interface(`ssh_search_dir',` + gen_require(` + type sshd_t; + ') + + search_dirs_pattern(sshd_t, $1, $2) +') + ######################################## ## <summary> ## Read ssh home directory content -- 2.21.0
