commit: 5e86dfe471f0fa6de955817bcef5e652202a6904 Author: Nicolas PARLANT <nicolas.parlant <AT> parhuet <DOT> fr> AuthorDate: Wed May 21 16:33:17 2025 +0000 Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> CommitDate: Tue Jul 15 07:51:51 2025 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=5e86dfe4
sshd: label sshd-auth as sshd_exec_t #797 openssh-10.0 has split off the authentication logic into a new binary called sshd-auth. As sshd-session, relabel with sshd_exec_t now before a reworking policy. Signed-off-by: Nicolas PARLANT <nicolas.parlant <AT> parhuet.fr> Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org> policy/modules/services/ssh.fc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/policy/modules/services/ssh.fc b/policy/modules/services/ssh.fc index 93bfa8d26..bf47884f5 100644 --- a/policy/modules/services/ssh.fc +++ b/policy/modules/services/ssh.fc @@ -8,8 +8,10 @@ HOME_DIR/\.ssh(/.*)? gen_context(system_u:object_r:ssh_home_t,s0) /usr/bin/ssh-keygen -- gen_context(system_u:object_r:ssh_keygen_exec_t,s0) /usr/bin/sshd -- gen_context(system_u:object_r:sshd_exec_t,s0) +/usr/lib/misc/sshd-auth -- gen_context(system_u:object_r:sshd_exec_t,s0) /usr/lib/misc/sshd-session -- gen_context(system_u:object_r:sshd_exec_t,s0) /usr/lib/openssh/ssh-keysign -- gen_context(system_u:object_r:ssh_keysign_exec_t,s0) +/usr/lib/openssh/sshd-auth -- gen_context(system_u:object_r:sshd_exec_t,s0) /usr/lib/openssh/sshd-session -- gen_context(system_u:object_r:sshd_exec_t,s0) /usr/lib/ssh/ssh-keysign -- gen_context(system_u:object_r:ssh_keysign_exec_t,s0)
