http://perforce.freebsd.org/chv.cgi?CH=71668
Change 71668 by areisse@areisse_tislabs on 2005/02/23 15:47:55
Support reading or writing from terminals, so sshd login can
query domains. If ssh_sysadm_login is true, relabel those
terminal types.
Affected files ...
..
//depot/projects/trustedbsd/sebsd/contrib/sebsd/policy/domains/program/ssh.te#12
edit
Differences ...
====
//depot/projects/trustedbsd/sebsd/contrib/sebsd/policy/domains/program/ssh.te#12
(text+ko) ====
@@ -293,7 +293,10 @@
# Relabel ptys created by sshd
allow sshd_login_t sshd_devpts_t:chr_file { relabelfrom relabelto };
-allow sshd_login_t userpty_type:chr_file { getattr relabelfrom relabelto };
+allow sshd_login_t userpty_type:chr_file { ioctl read write getattr
relabelfrom relabelto };
+if (ssh_sysadm_login) {
+allow sshd_login_t sysadm_devpts_t:chr_file { ioctl read write getattr
relabelfrom relabelto };
+}
# open old-style ptys
#allow sshd_login_t devpts_t:chr_file { read write relabelfrom relabelto
getattr setattr };
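Review bot: The widened `userpty_type` rule is unconditional, so `sshd_login_t` gains `ioctl read write` on every type carrying that attribute, not only on the pty of the session being set up. Type enforcement cannot narrow this to a single pty, so the permission set should be kept to what the domain query actually uses; `ioctl` in particular is worth confirming. The existing header `# Relabel ptys created by sshd` no longer describes these rules, so I would add a comment above the changed line such as `# sshd_login_t prompts on the user's pty to select a domain, so it needs I/O as well as relabel`. The `sysadm_devpts_t` rule is correctly gated on `ssh_sysadm_login`; this assumes `sysadm_devpts_t` is not itself a member of `userpty_type`, which is declared outside this hunk and should be checked.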