From owner-p4-projects@FreeBSD.ORG Thu Sep 25 12:43:46 2003 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id D3E1016A4C0; Thu, 25 Sep 2003 12:43:45 -0700 (PDT) Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id AA17016A4B3 for ; Thu, 25 Sep 2003 12:43:45 -0700 (PDT) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0A7ED43FE5 for ; Thu, 25 Sep 2003 12:43:45 -0700 (PDT) (envelope-from areisse@nailabs.com) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.12.9/8.12.9) with ESMTP id h8PJhiXJ024013 for ; Thu, 25 Sep 2003 12:43:44 -0700 (PDT) (envelope-from areisse@nailabs.com) Received: (from perforce@localhost) by repoman.freebsd.org (8.12.9/8.12.9/Submit) id h8PJhiXK024010 for perforce@freebsd.org; Thu, 25 Sep 2003 12:43:44 -0700 (PDT) (envelope-from areisse@nailabs.com) Date: Thu, 25 Sep 2003 12:43:44 -0700 (PDT) Message-Id: <200309251943.h8PJhiXK024010@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to areisse@nailabs.com using -f 
From: Andrew Reisse To: Perforce Change Reviews Subject: PERFORCE change 38599 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 25 Sep 2003 19:43:46 -0000 http://perforce.freebsd.org/chv.cgi?CH=38599 Change 38599 by areisse@areisse_tislabs on 2003/09/25 12:43:20 sshd can't run shells directly sshd can be restarted sebsd_loadpolicy labelling makefile no longer deletes symlinks Affected files ... .. //depot/projects/trustedbsd/sebsd_policy/policy/Makefile#4 edit .. //depot/projects/trustedbsd/sebsd_policy/policy/domains/program/load_policy.te#2 edit .. //depot/projects/trustedbsd/sebsd_policy/policy/domains/program/ssh.te#4 edit .. //depot/projects/trustedbsd/sebsd_policy/policy/file_contexts/program/load_policy.fc#2 edit .. //depot/projects/trustedbsd/sebsd_policy/policy/macros/program/ssh_macros.te#3 edit Differences ... ==== //depot/projects/trustedbsd/sebsd_policy/policy/Makefile#4 (text+ko) ==== @@ -136,7 +136,7 @@ rm -f tmp/* rm -f $(FC) # for the policy regression tester - find "domains/program/" -maxdepth 1 -type l -exec rm {} \; ; \ + #find "domains/program/" -maxdepth 1 -type l -exec rm {} \; ; \ # Policy regression tester. # Written by Colin Walters ==== //depot/projects/trustedbsd/sebsd_policy/policy/domains/program/load_policy.te#2 (text+ko) ==== @@ -50,6 +50,7 @@ allow load_policy_t self:capability dac_override; allow load_policy_t { initrc_t privfd }:fd use; +allow load_policy_t self:fd { create use }; allow load_policy_t fs_t:filesystem getattr; ==== //depot/projects/trustedbsd/sebsd_policy/policy/domains/program/ssh.te#4 (text+ko) ==== 
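Review bot: The commented-out `find` line in the Makefile hunk keeps its trailing ` ; \`, so make still joins the next physical line to it. Whether that line is swallowed by the comment or handed to the shell depends on whether this is a tab-indented recipe line, which the collapsed hunk does not show. Drop the continuation or delete the line outright, e.g. `# find "domains/program/" -maxdepth 1 -type l -exec rm {} \;`. The comment above it, `# for the policy regression tester`, would also be clearer if it said that symlinks under `domains/program/` are now deliberately kept by this target.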
@@ -59,11 +59,12 @@ allow $1 { home_root_t user_home_dir_type sysadm_home_dir_t }:dir { search getattr }; # Run shells in user_t by default -domain_auto_trans($1, shell_exec_t, user_t) -domain_trans($1, shell_exec_t, unpriv_userdomain) +# Disabled - must use UseLogin option on FreeBSD +#domain_auto_trans($1, shell_exec_t, user_t) +#domain_trans($1, shell_exec_t, unpriv_userdomain) # Set exec context. -can_setexec($1) +#can_setexec($1) # Allow shells to be run in sysadm_t as well. # Commented out. Use newrole rather than directly entering sysadm_t. @@ -131,6 +132,9 @@ # Execute Login domain_auto_trans(sshd_t, login_exec_t, sshd_login_t) +# Allow restarting self on SIGHUP +can_exec(sshd_t, sshd_exec_t); + # Use capabilities. allow sshd_t self:capability { sys_chroot sys_resource }; @@ -177,6 +181,10 @@ allow sshd_login_t self:capability { linux_immutable sys_resource }; +# run user shells +domain_auto_trans(sshd_login_t, shell_exec_t, user_t) +domain_trans(sshd_login_t, shell_exec_t, unpriv_userdomain) + read_locale(sshd_t) # Allow checking users mail at login ==== //depot/projects/trustedbsd/sebsd_policy/policy/file_contexts/program/load_policy.fc#2 (text+ko) ==== @@ -1,2 +1,2 @@ # load_policy -/usr/sbin/load_policy system_u:object_r:load_policy_exec_t +/usr/sbin/sebsd_loadpolicy system_u:object_r:load_policy_exec_t ==== //depot/projects/trustedbsd/sebsd_policy/policy/macros/program/ssh_macros.te#3 (text+ko) ====
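Review bot: In the first ssh.te hunk the headings `# Run shells in user_t by default` and `# Set exec context.` now sit over rules that are all commented out, so the file still reads as if the `$1` domain performs the shell transition. The only explanation is `# Disabled - must use UseLogin option on FreeBSD`, which leaves the policy's correctness dependent on an sshd configuration setting that nothing here checks. Reword the heading to something like `# Shell transitions are granted to sshd_login_t instead; sshd must be run with UseLogin enabled`. It should also say what happens when UseLogin is off, which is presumably that the shell exec from `$1` is denied rather than run in the daemon's domain, but that depends on rules outside this hunk. The enclosing macro starts and ends outside the hunk.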
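Review bot: `can_exec(sshd_t, sshd_exec_t);` in the second ssh.te hunk ends with a semicolon, while every other macro call visible in this change (`domain_auto_trans(...)`, `read_locale(sshd_t)`) has none. If the macro already expands to complete `allow` statements, the extra `;` leaves an empty statement that the policy compiler may reject, so write `can_exec(sshd_t, sshd_exec_t)`. The comment could also state that the re-executed daemon stays in sshd_t with no domain transition, since that is the security-relevant effect of using can_exec here.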
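Review bot: `domain_trans(sshd_login_t, shell_exec_t, unpriv_userdomain)` in the third ssh.te hunk allows transitions into every unprivileged user domain, but no `can_setexec(sshd_login_t)` is visible, and the `can_setexec($1)` that served this purpose is commented out earlier in the same change. If no setexec permission exists outside the hunk, only the automatic transition to user_t can occur, leaving the domain_trans line as unused privilege. If one does exist, the `# run user shells` comment should name where the target domain is chosen. sshd_login_t also holds `linux_immutable` and `sys_resource` on the line just above, so it is worth confirming that this domain can exec `shell_exec_t` only through these transitions and never without one.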