Custom policy for ssh-keygen failure

This patch contains a custom policy to allow ssh-keygen to write to
/tmp. This action is blocked by SELinux. The custom policy is needed
until the upstream SELinux policy is updated for Fedora or nova is
modified to call ssh-keygen to write out to a different directory.

Partial-Bug: 1284485
Change-Id: I59de4e88d9343e093a95436432e2e4d68f425d06
Richard Su 2014-07-15 18:06:54 -07:00
parent 43e2b577b8
commit 77d89ebad4
1 changed files with 13 additions and 0 deletions

@ -0,0 +1,13 @@
module tripleo-selinux-ssh 1.0;
require {
type ssh_keygen_t;
type init_tmp_t;
class file open;
}
#============= ssh_keygen_t ==============
# https://bugs.launchpad.net/tripleo/+bug/1284485
# https://bugzilla.redhat.com/show_bug.cgi?id=1125442
allow ssh_keygen_t init_tmp_t:file open;
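
Review bot: The allow rule on the last line grants only `open` on `init_tmp_t:file`, while the commit message describes letting ssh-keygen write to /tmp. Please confirm from the AVC denials in the linked bugs that `open` is the only permission being denied. If `write` or `create` are also denied, the module will not fix the failure, and both the `class file` line in the `require` block and the allow rule would need the extra permissions. Also note that the rule applies to every file labeled `init_tmp_t`, not only the key file nova asks ssh-keygen to produce. Since the message says this is a stopgap until the upstream policy or nova changes, a comment next to the two bug URLs stating the condition for removing the module would help whoever cleans it up later.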