Date: Wed, 23 Feb 2005 15:48:32 GMT
From: Andrew Reisse <areisse@FreeBSD.org>
To: Perforce Change Reviews <perforce@freebsd.org>
Subject: PERFORCE change 71668 for review
Message-ID: <200502231548.j1NFmWVK062714@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=71668 Change 71668 by areisse@areisse_tislabs on 2005/02/23 15:47:55 Support reading or writing from terminals, so sshd login can query domains. If ssh_sysadm_login is true, relabel those terminal types. Affected files ... .. //depot/projects/trustedbsd/sebsd/contrib/sebsd/policy/domains/program/ssh.te#12 edit Differences ... ==== //depot/projects/trustedbsd/sebsd/contrib/sebsd/policy/domains/program/ssh.te#12 (text+ko) ==== @@ -293,7 +293,10 @@ # Relabel ptys created by sshd allow sshd_login_t sshd_devpts_t:chr_file { relabelfrom relabelto }; -allow sshd_login_t userpty_type:chr_file { getattr relabelfrom relabelto }; +allow sshd_login_t userpty_type:chr_file { ioctl read write getattr relabelfrom relabelto }; +if (ssh_sysadm_login) { +allow sshd_login_t sysadm_devpts_t:chr_file { ioctl read write getattr relabelfrom relabelto }; +} # open old-style ptys #allow sshd_login_t devpts_t:chr_file { read write relabelfrom relabelto getattr setattr };
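Review bot: the widened userpty_type rule and the new sysadm_devpts_t rule grant ioctl, read and write, yet they still sit under the comment "# Relabel ptys created by sshd", which now describes only part of what they permit. Add a comment above them stating why sshd_login_t needs terminal I/O (the change description gives the reason as letting sshd login query domains), so a later policy audit does not read these as relabel-only rules. The userpty_type rule is also widened unconditionally, while only the sysadm_devpts_t rule is gated by ssh_sysadm_login; if the query does not need all of { ioctl read write }, grant only the permissions it uses. It is also worth confirming whether sysadm_devpts_t carries the userpty_type attribute, which these lines do not show: if it does, the first rule already covers it and the conditional block restricts nothing.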