PERFORCE change 38599 for review
Andrew Reisse
areisse at FreeBSD.org
Thu Sep 25 19:43:44 GMT 2003
http://perforce.freebsd.org/chv.cgi?CH=38599
Change 38599 by areisse at areisse_tislabs on 2003/09/25 12:43:20
sshd can't run shells directly
sshd can be restarted
sebsd_loadpolicy labelling
makefile no longer deletes symlinks
Affected files ...
.. //depot/projects/trustedbsd/sebsd_policy/policy/Makefile#4 edit
.. //depot/projects/trustedbsd/sebsd_policy/policy/domains/program/load_policy.te#2 edit
.. //depot/projects/trustedbsd/sebsd_policy/policy/domains/program/ssh.te#4 edit
.. //depot/projects/trustedbsd/sebsd_policy/policy/file_contexts/program/load_policy.fc#2 edit
.. //depot/projects/trustedbsd/sebsd_policy/policy/macros/program/ssh_macros.te#3 edit
Differences ...
==== //depot/projects/trustedbsd/sebsd_policy/policy/Makefile#4 (text+ko) ====
@@ -136,7 +136,7 @@
rm -f tmp/*
rm -f $(FC)
# for the policy regression tester
- find "domains/program/" -maxdepth 1 -type l -exec rm {} \; ; \
+ #find "domains/program/" -maxdepth 1 -type l -exec rm {} \; ; \
# Policy regression tester.
# Written by Colin Walters <walters at debian.org>
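Review bot: The disabled `find` line keeps its trailing `\`, so the comment continues onto whatever line follows it. That looks harmless here, but a command later placed on the next line would be silently swallowed. I would drop the continuation or delete the line outright. The `# for the policy regression tester` comment above it now describes nothing and should go or be reworded. The recipe starts outside the hunk, so it is not visible how stale symlinks in `domains/program/` are cleaned up after this change.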
==== //depot/projects/trustedbsd/sebsd_policy/policy/domains/program/load_policy.te#2 (text+ko) ====
@@ -50,6 +50,7 @@
allow load_policy_t self:capability dac_override;
allow load_policy_t { initrc_t privfd }:fd use;
+allow load_policy_t self:fd { create use };
allow load_policy_t fs_t:filesystem getattr;
==== //depot/projects/trustedbsd/sebsd_policy/policy/domains/program/ssh.te#4 (text+ko) ====
@@ -59,11 +59,12 @@
allow $1 { home_root_t user_home_dir_type sysadm_home_dir_t }:dir { search getattr };
# Run shells in user_t by default
-domain_auto_trans($1, shell_exec_t, user_t)
-domain_trans($1, shell_exec_t, unpriv_userdomain)
+# Disabled - must use UseLogin option on FreeBSD
+#domain_auto_trans($1, shell_exec_t, user_t)
+#domain_trans($1, shell_exec_t, unpriv_userdomain)
# Set exec context.
-can_setexec($1)
+#can_setexec($1)
# Allow shells to be run in sysadm_t as well.
# Commented out. Use newrole rather than directly entering sysadm_t.
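Review bot: With the transition rules on `$1` commented out, a session only reaches a user domain if it goes through login. As far as I know, sshd never uses login(1) for remote command execution (`ssh host cmd`), even with UseLogin set. Those sessions would then either be denied or, if another rule lets `$1` execute `shell_exec_t`, stay in the daemon's domain; it is worth confirming which and recording it in the comment. I would also delete the three disabled lines, since `# Run shells in user_t by default` and `# Set exec context.` no longer describe active policy, and replace them with something like `# No direct shell transition: sshd must run with UseLogin; shells are entered from sshd_login_t.` The definition that uses `$1` starts and ends outside the hunk.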
@@ -131,6 +132,9 @@
# Execute Login
domain_auto_trans(sshd_t, login_exec_t, sshd_login_t)
+# Allow restarting self on SIGHUP
+can_exec(sshd_t, sshd_exec_t);
+
# Use capabilities.
allow sshd_t self:capability { sys_chroot sys_resource };
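Review bot: `can_exec(sshd_t, sshd_exec_t);` ends in a semicolon, unlike the other macro calls visible in this file (`domain_auto_trans(...)`, `read_locale(sshd_t)`). Depending on what the macro expands to, the stray `;` is either harmless or a parse error, so I would write `can_exec(sshd_t, sshd_exec_t)` to match. The macro body is not shown here, so the comment should also confirm that the re-executed daemon stays in `sshd_t` rather than transitioning.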
@@ -177,6 +181,10 @@
allow sshd_login_t self:capability { linux_immutable sys_resource };
+# run user shells
+domain_auto_trans(sshd_login_t, shell_exec_t, user_t)
+domain_trans(sshd_login_t, shell_exec_t, unpriv_userdomain)
+
read_locale(sshd_t)
# Allow checking users mail at login
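Review bot: `domain_trans(sshd_login_t, shell_exec_t, unpriv_userdomain)` only permits transitions into domains other than the default `user_t`. Selecting one normally requires the caller to set its exec context, and this change comments out `can_setexec($1)` without adding an equivalent for `sshd_login_t` in this hunk. If no `can_setexec(sshd_login_t)` exists elsewhere in ssh.te, the second rule is dead and every SSH login lands in `user_t`; either add it or drop the `domain_trans` line. A fuller comment, such as `# login(1) started by sshd (UseLogin) runs the user's shell`, would tie these rules to the ones disabled earlier in the file.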
==== //depot/projects/trustedbsd/sebsd_policy/policy/file_contexts/program/load_policy.fc#2 (text+ko) ====
@@ -1,2 +1,2 @@
# load_policy
-/usr/sbin/load_policy system_u:object_r:load_policy_exec_t
+/usr/sbin/sebsd_loadpolicy system_u:object_r:load_policy_exec_t
==== //depot/projects/trustedbsd/sebsd_policy/policy/macros/program/ssh_macros.te#3 (text+ko) ====