Create interface ssh_search_dir to allow ssh_server search for keys in non-standard location.
Signed-off-by: Alexander Miroshnichenko <alex@xxxxxxxxxxxxxx>
---
 policy/modules/services/ssh.if | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
diff --git a/policy/modules/services/ssh.if b/policy/modules/services/ssh.if
index 0941f133711e..51c64ded00c4 100644
--- a/policy/modules/services/ssh.if
+++ b/policy/modules/services/ssh.if
@@ -680,6 +680,24 @@ interface(`ssh_agent_exec',`
 can_exec($1, ssh_agent_exec_t)
 ')
 
+########################################
+## <summary>
+## Search for keys in non-standard location
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`ssh_search_dir',`
+ gen_require(`
+ type sshd_t;
+ ')
+
+ allow sshd_t $1:dir search_dir_perms;
+')
+
 ########################################
 ## <summary>
 ## Read ssh home directory content
-- 
2.21.0
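Review bot: The parameter documentation on `ssh_search_dir` does not match the rule. `allow sshd_t $1:dir search_dir_perms;` uses `$1` as the target directory type and grants the access to `sshd_t`, so the caller is not the "Domain allowed access". Anyone reading only the interface header would not see that calling it widens what the SSH daemon can traverse. I would change the parameter block to `## <param name="file_type">` with the summary `Directory type the ssh server is allowed to search.`, and the interface summary to `Allow the ssh server to search the specified directories.`. The name also reads as if the caller gets to search ssh-owned directories, so a name that makes the direction explicit, for example `ssh_server_search_dirs`, would be harder to misuse. The rule grants directory search only, so a caller that wants sshd to read key files there presumably still needs a separate file read rule, which is worth one sentence in the description.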