rkhunter: add interfaces for rkhunter module and sysadm permit

author: cgzones <cgzones@googlemail.com> 2017-06-08 16:16:15 +0200
committer: Jason Zaman <jason@perfinion.com> 2017-06-13 16:02:15 +0800
commit: b0d06664412c0c7baee2b8e12a26206d05a1ee02 (patch)
tree: 60fffa294d0c3febeae4a06124b7833c45b3220d /policy/modules/services
parent: miscfiles: Module version bump for patch from Luis Ressel. (diff)
download: hardened-refpolicy-b0d06664412c0c7baee2b8e12a26206d05a1ee02.tar.gz
hardened-refpolicy-b0d06664412c0c7baee2b8e12a26206d05a1ee02.tar.bz2
hardened-refpolicy-b0d06664412c0c7baee2b8e12a26206d05a1ee02.zip
1 files changed, 19 insertions, 0 deletions
diff --git a/policy/modules/services/ssh.if b/policy/modules/services/ssh.if
index 3eca8306..22642eb3 100644
--- a/policy/modules/services/ssh.if
+++ b/policy/modules/services/ssh.if
@@ -601,6 +601,25 @@ interface(`ssh_tcp_connect',`
 
 ########################################
 ## <summary>
+##	Execute the ssh daemon in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`ssh_exec_sshd',`
+	gen_require(`
+		type sshd_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	can_exec($1, sshd_exec_t)
+')
+
+########################################
+## <summary>
 ##	Execute the ssh daemon sshd domain.
 ## </summary>
 ## <param name="domain">
author	cgzones <cgzones@googlemail.com>	2017-06-08 16:16:15 +0200
committer	Jason Zaman <jason@perfinion.com>	2017-06-13 16:02:15 +0800
commit	b0d06664412c0c7baee2b8e12a26206d05a1ee02 (patch)
tree	60fffa294d0c3febeae4a06124b7833c45b3220d /policy/modules/services
parent	miscfiles: Module version bump for patch from Luis Ressel. (diff)
download	hardened-refpolicy-b0d06664412c0c7baee2b8e12a26206d05a1ee02.tar.gz hardened-refpolicy-b0d06664412c0c7baee2b8e12a26206d05a1ee02.tar.bz2 hardened-refpolicy-b0d06664412c0c7baee2b8e12a26206d05a1ee02.zip