Signed-off-by: Alexander Miroshnichenko <alex@xxxxxxxxxxxxxx> --- policy/modules/services/ssh.if | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/policy/modules/services/ssh.if b/policy/modules/services/ssh.if index b5bd2762ef96..0941f133711e 100644 --- a/policy/modules/services/ssh.if +++ b/policy/modules/services/ssh.if @@ -701,6 +701,25 @@ interface(`ssh_read_user_home_files',` userdom_search_user_home_dirs($1) ') +######################################## +## <summary> +## Execute the ssh key generator in the caller domain. +## </summary> +## <param name="domain"> +## <summary> +## Domain allowed to transition. +## </summary> +## </param> +# +interface(`ssh_exec_keygen',` + gen_require(` + type ssh_keygen_exec_t; + ') + + corecmd_search_bin($1) + can_exec($1, ssh_keygen_exec_t) +') + ######################################## ## <summary> ## Execute the ssh key generator in the ssh keygen domain. -- 2.21.0
