From mboxrd@z Thu Jan 1 00:00:00 1970 From: cpebenito@tresys.com (Christopher J. PeBenito) Date: Fri, 07 Dec 2012 00:48:25 -0500 Subject: [refpolicy] [PATCH 1/7] Properly label all the ssh host keys In-Reply-To: <1354739968-4547-1-git-send-email-bigon@debian.org> References: <1354739968-4547-1-git-send-email-bigon@debian.org> Message-ID: <50C18329.8020904@tresys.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 12/5/2012 3:39 PM, Laurent Bigonville wrote: > From: Laurent Bigonville > > Be sure that we are labeling properly all ssh host keys even if new > algorithms are added in the future. > --- > policy/modules/services/ssh.fc | 4 +--- > 1 file changed, 1 insertion(+), 3 deletions(-) > > diff --git a/policy/modules/services/ssh.fc b/policy/modules/services/ssh.fc > index 7df96c5..76d9f66 100644 > --- a/policy/modules/services/ssh.fc > +++ b/policy/modules/services/ssh.fc > @@ -1,9 +1,7 @@ > HOME_DIR/\.ssh(/.*)? gen_context(system_u:object_r:ssh_home_t,s0) > > /etc/ssh/primes -- gen_context(system_u:object_r:sshd_key_t,s0) > -/etc/ssh/ssh_host_key -- gen_context(system_u:object_r:sshd_key_t,s0) > -/etc/ssh/ssh_host_dsa_key -- gen_context(system_u:object_r:sshd_key_t,s0) > -/etc/ssh/ssh_host_rsa_key -- gen_context(system_u:object_r:sshd_key_t,s0) > +/etc/ssh/ssh_host.*_key -- gen_context(system_u:object_r:sshd_key_t,s0) > > /usr/bin/ssh -- gen_context(system_u:object_r:ssh_exec_t,s0) > /usr/bin/ssh-agent -- gen_context(system_u:object_r:ssh_agent_exec_t,s0) Merged. -- Chris PeBenito Tresys Technology, LLC www.tresys.com | oss.tresys.com
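Review bot: the `.*` in the added `/etc/ssh/ssh_host.*_key` entry is wider than the stated goal needs, because `.` in a file-context regex also matches `/`. A regular file at a deeper path such as `/etc/ssh/ssh_host_x/y_key` would also be labelled `sshd_key_t`. Consider `/etc/ssh/ssh_host[^/]*_key` so the match stays within one path component. That form still covers the three removed entries (`ssh_host_key`, `ssh_host_dsa_key`, `ssh_host_rsa_key`) and keys for any future algorithm. Since the pattern is matched against the whole path, the `.pub` files remain excluded either way. A short comment above the entry saying that it is intentionally algorithm-agnostic would also help later readers of ssh.fc.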