rssh policy for fedora

Colin Walters walters at redhat.com
Sun Aug 15 05:46:32 UTC 2004


Hi,

I've ported my rssh policy to the FC2 strict policy; it required some
changes to allow sshd to enter the domain (the "userdomain" attribute),
and to make pty labeling work correctly (can_create_pty and
type_change).  I'm a little unsure about making this domain a
userdomain, since that has a lot of implications.  But I think it
was the constraints that were stopping sshd from entering it.

It probably doesn't make sense to include this in the Fedora policy at
the moment since we don't ship rssh in Fedora, but maybe others here
will find this useful.

Although, come to think of it, this approach would probably be a good
way to restrict cvs+ssh too, which is a fairly common setup.

-------------- next part --------------
#
# Macros for Rssh domains
#
# Author: Colin Walters <walters at verbum.org>
#

#
# rssh_domain(domain_prefix)
#
# Define an rssh domain for the given prefix: the domain type
# rssh_<prefix>_t, the role rssh_<prefix>_r, and the file types
# rssh_<prefix>_ro_t and rssh_<prefix>_rw_t.
#
# The body is only defined when rssh.te is part of the policy build;
# otherwise rssh_domain expands to nothing.
#
# The type declaration for the executable type for this program is
# provided separately in domains/program/rssh.te.
#
# Comments inside the quoted macro body must not contain m4 quote
# characters, since those would end the quoted argument early.
#
undefine(`rssh_domain')
ifdef(`rssh.te', `
define(`rssh_domain',`
# Domain type for the restricted shell.
# NOTE(review): the userdomain attribute makes every rule and constraint
# written against userdomain apply to this type as well. It was added so
# that sshd could enter the domain, apparently to satisfy policy constraints.
# Audit what the attribute grants in the built policy before treating this
# domain as a restriction. privlog and privfd are likewise attributes whose
# grants are defined elsewhere in the policy - confirm they are needed.
type rssh_$1_t, domain, userdomain, privlog, privfd;
# Authorize the per-prefix role for the domain, and allow a role change
# from system_r into it - presumably the role sshd runs in, TODO confirm.
role rssh_$1_r types rssh_$1_t;
allow system_r rssh_$1_r;

# Two file types per prefix: one the domain may modify, one it may only read.
type rssh_$1_rw_t, file_type, sysadmfile;
type rssh_$1_ro_t, file_type, sysadmfile;

# Baseline access through macros defined outside this file; their exact
# grants depend on the policy version being built.
general_domain_access(rssh_$1_t);
uses_shlib(rssh_$1_t);
base_file_read_access(rssh_$1_t);
allow rssh_$1_t var_t:dir r_dir_perms;
r_dir_file(rssh_$1_t, etc_t);
r_dir_file(rssh_$1_t, etc_runtime_t);
r_dir_file(rssh_$1_t, locale_t);
# Execute files labelled bin_t while staying in this domain.
# NOTE(review): for a shell meant to permit only scp and sftp this is the
# widest grant in the macro. Which programs carry bin_t depends on the file
# contexts of the installed policy, so review that set.
can_exec(rssh_$1_t, bin_t);

# Limited /proc access: look up directories and read symlinks only.
allow rssh_$1_t proc_t:dir { getattr search };
allow rssh_$1_t proc_t:lnk_file { getattr read };

# Read-only access to the ro type; create and modify access to the rw type.
# Data the account must not be able to change, such as the .ssh directory
# that sshd reads below, belongs under the ro type and never the rw type.
r_dir_file(rssh_$1_t, rssh_$1_ro_t);
create_dir_file(rssh_$1_t, rssh_$1_rw_t);

# Pty setup for the domain; presumably this macro declares the
# rssh_$1_devpts_t type used below - confirm against its definition.
can_create_pty(rssh_$1, `, userpty_type, user_tty_type')
# Use the type when relabeling pty devices: a server_pty character device
# relabelled for this domain gets the per-prefix devpts type.
type_change rssh_$1_t server_pty:chr_file rssh_$1_devpts_t;

ifdef(`ssh.te',`
# Use the descriptors and sockets that belong to sshd_t, which carry the
# established connection.
allow rssh_$1_t sshd_t:fd use;
allow rssh_$1_t sshd_t:tcp_socket rw_stream_socket_perms;
allow rssh_$1_t sshd_t:unix_stream_socket rw_stream_socket_perms;
# For reading /home/user/.ssh
# This grants sshd_t read access to everything labelled with the ro type,
# not only the .ssh directory.
r_dir_file(sshd_t, rssh_$1_ro_t);
# Let sshd_t enter this domain by executing a file labelled rssh_exec_t.
domain_trans(sshd_t, rssh_exec_t, rssh_$1_t);
')
')

', `

define(`rssh_domain',`')

')
-------------- next part --------------
#DESC Rssh - Restricted (scp/sftp) only shell
#
# Authors: Colin Walters <walters at verbum.org>
# X-Debian-Package: rssh
#

# Label type for the rssh executable. The per-prefix domains defined in
# rssh_macros.te use this type as the program type for the transition
# from sshd_t.
type rssh_exec_t, file_type, sysadmfile, exec_type;

ifdef(`ssh.te',`
# Read access only; entering an rssh domain from sshd_t is granted per
# prefix by the domain_trans call in rssh_macros.te.
allow sshd_t rssh_exec_t:file r_file_perms;
')

# See rssh_macros.te for the rest.
-------------- next part --------------
# rssh
# Exact-path entry: only /usr/bin/rssh receives rssh_exec_t. The transition
# from sshd into an rssh domain is keyed on this label, so a copy of the
# binary installed at another path needs its own entry to be confined.
/usr/bin/rssh			system_u:object_r:rssh_exec_t
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20040815/40bdc1a3/attachment.sig>

