-rw-r--r--policy/modules/services/ssh.if19
-rw-r--r--policy/modules/system/init.te4
2 files changed, 23 insertions, 0 deletions
diff --git a/policy/modules/services/ssh.if b/policy/modules/services/ssh.if
index dcbabf6b0..4b5fd5d33 100644
--- a/policy/modules/services/ssh.if
+++ b/policy/modules/services/ssh.if
@@ -537,6 +537,25 @@ interface(`ssh_signull',`
########################################
## <summary>
+## Use PIDFD file descriptors from the
+## ssh server.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`ssh_use_sshd_pidfds',`
+ gen_require(`
+ type sshd_t;
+ ')
+
+ allow $1 sshd_t:fd use;
+')
+
+########################################
+## <summary>
## Read a ssh server unnamed pipe.
## </summary>
## <param name="domain">
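Review bot: The summary on `ssh_use_sshd_pidfds` describes a narrower grant than the rule gives: `allow $1 sshd_t:fd use;` permits use of any descriptor whose owning context is sshd_t, because the `fd` class cannot single out pidfds. A caller reading only the name and summary could assume the exposure is limited to process handles. I would state this in the summary, e.g. `## Use file descriptors created by the ssh server (needed to receive its PIDFDs; not limited to PIDFDs).` Access to the object behind each descriptor is still checked separately, so this is a documentation point rather than a rule change.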
diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
index 8f3772dcb..03d0de8ed 100644
--- a/policy/modules/system/init.te
+++ b/policy/modules/system/init.te
@@ -631,6 +631,10 @@ ifdef(`init_systemd',`
')
optional_policy(`
+ ssh_use_sshd_pidfds(init_t)
+ ')
+
+ optional_policy(`
# for systemd --user:
unconfined_search_keys(init_t)
unconfined_create_keys(init_t)
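Review bot: The new `optional_policy` block calling `ssh_use_sshd_pidfds(init_t)` carries no comment saying why init needs descriptors from sshd, while the block right after it is annotated with `# for systemd --user:`. Because the grant lets init_t use any sshd_t-owned descriptor, a one-line reason would help a later audit decide whether it is still needed. Something like `# systemd is passed pidfds by sshd` would do, with the exact operation filled in by the author, since the triggering denial is not shown on this page. The enclosing ifdef for init_systemd starts and ends outside the hunk.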