On Thu, Jun 20, 2019 at 05:41:37PM +0300, Alexander Miroshnichenko wrote: > Signed-off-by: Alexander Miroshnichenko <alex@xxxxxxxxxxxxxx> > --- > policy/modules/services/ssh.if | 19 +++++++++++++++++++ > 1 file changed, 19 insertions(+) > > diff --git a/policy/modules/services/ssh.if b/policy/modules/services/ssh.if > index b5bd2762ef96..0941f133711e 100644 > --- a/policy/modules/services/ssh.if > +++ b/policy/modules/services/ssh.if > @@ -701,6 +701,25 @@ interface(`ssh_read_user_home_files',` > userdom_search_user_home_dirs($1) > ') > > +######################################## > +## <summary> > +## Execute the ssh key generator in the caller domain. > +## </summary> > +## <param name="domain"> > +## <summary> > +## Domain allowed to transition. "Domain allowed access." Its not a transition. I suppose you have a use for this interface? > +## </summary> > +## </param> > +# > +interface(`ssh_exec_keygen',` > + gen_require(` > + type ssh_keygen_exec_t; > + ') > + > + corecmd_search_bin($1) > + can_exec($1, ssh_keygen_exec_t) > +') > + > ######################################## > ## <summary> > ## Execute the ssh key generator in the ssh keygen domain. > -- > 2.21.0 > -- Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B 6B02 https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02 Dominick Grift
Attachment:
signature.asc
Description: PGP signature
