commit:     922a36f3770145f871fae43693999f592b0edca5
Author:     Fabrice Fontaine <fontaine.fabrice <AT> gmail <DOT> com>
AuthorDate: Fri Jul 30 20:40:20 2021 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sun Sep  5 14:26:44 2021 +0000
URL:        https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=922a36f3

policy/modules/services/ftp.te: make ssh optional

Make ssh optional to avoid the following build failure:

 Compiling targeted policy.30
 env LD_LIBRARY_PATH="/home/fabrice/buildroot/output/host/lib:/home/fabrice/buildroot/output/host/usr/lib" /home/fabrice/buildroot/output/host/usr/bin/checkpolicy -c 30 -U deny -S -O -E policy.conf -o policy.30
 policy/modules/services/ftp.te:484:ERROR 'type ssh_home_t is not within scope' at token ';' on line 92051:
        allow sftpd_t ssh_home_t:dir { open read getattr lock search ioctl add_name remove_name write };
 #line 484
 checkpolicy:  error(s) encountered while parsing configuration

Signed-off-by: Fabrice Fontaine <fontaine.fabrice <AT> gmail.com>
Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org>

 policy/modules/services/ftp.te | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/policy/modules/services/ftp.te b/policy/modules/services/ftp.te
index 0d84da71..5686b225 100644
--- a/policy/modules/services/ftp.te
+++ b/policy/modules/services/ftp.te
@@ -481,10 +481,6 @@ tunable_policy(`sftpd_full_access',`
        files_manage_non_auth_files(sftpd_t)
 ')
 
-tunable_policy(`sftpd_write_ssh_home',`
-       ssh_manage_home_files(sftpd_t)
-')
-
 tunable_policy(`use_samba_home_dirs',`
        fs_list_cifs(sftpd_t)
        fs_read_cifs_files(sftpd_t)
@@ -496,3 +492,9 @@ tunable_policy(`use_nfs_home_dirs',`
        fs_read_nfs_files(sftpd_t)
        fs_read_nfs_symlinks(ftpd_t)
 ')
+
+optional_policy(`
+       tunable_policy(`sftpd_write_ssh_home',`
+               ssh_manage_home_files(sftpd_t)
+       ')
+')
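
Review bot: The new optional_policy block at the end of the file has no comment saying that sftpd_write_ssh_home has no effect when the ssh module is not part of the build. If the boolean is still declared unconditionally elsewhere in ftp.te, an administrator can turn it on and see no change in what sftpd_t may do to ssh_home_t, with nothing in the policy source explaining why. A one-line comment above the optional_policy would cover it, or the boolean's description could mention the dependency on ssh. Separately, the unchanged context line fs_read_nfs_symlinks(ftpd_t) in the use_nfs_home_dirs block names ftpd_t while the line above it names sftpd_t; that looks like a leftover typo and may deserve a follow-up patch.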
