PERFORCE change 71668 for review
Andrew Reisse
areisse at FreeBSD.org
Wed Feb 23 15:48:32 GMT 2005
http://perforce.freebsd.org/chv.cgi?CH=71668
Change 71668 by areisse at areisse_tislabs on 2005/02/23 15:47:55
Support reading or writing from terminals, so sshd login can
query domains. If ssh_sysadm_login is true, relabel those
terminal types.
Affected files ...
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/policy/domains/program/ssh.te#12 edit
Differences ...
==== //depot/projects/trustedbsd/sebsd/contrib/sebsd/policy/domains/program/ssh.te#12 (text+ko) ====
@@ -293,7 +293,10 @@
# Relabel ptys created by sshd
allow sshd_login_t sshd_devpts_t:chr_file { relabelfrom relabelto };
-allow sshd_login_t userpty_type:chr_file { getattr relabelfrom relabelto };
+allow sshd_login_t userpty_type:chr_file { ioctl read write getattr relabelfrom relabelto };
+if (ssh_sysadm_login) {
+allow sshd_login_t sysadm_devpts_t:chr_file { ioctl read write getattr relabelfrom relabelto };
+}
# open old-style ptys
#allow sshd_login_t devpts_t:chr_file { read write relabelfrom relabelto getattr setattr };
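Review bot: The comment heading this group still reads "# Relabel ptys created by sshd", but the changed userpty_type rule and the new sysadm_devpts_t rule inside the ssh_sysadm_login block now also grant ioctl, read and write, so the policy no longer says why sshd_login_t needs terminal I/O. Suggest adding a comment line that ties these permissions to querying the domain at login, as the change description does. Since the userpty_type rule is unconditional and covers every type carrying that attribute, it is also worth confirming that ioctl is needed rather than read and write alone. Indenting the allow line inside the if block would make the conditional scope easier to see.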