# $Id: usr.sbin.sshd 290 2007-01-05 13:02:25Z seth_arnold $
# ------------------------------------------------------------------
# Copyright (C) 2002-2005 Novell/SUSE
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
# License published by the Free Software Foundation.
# ------------------------------------------------------------------
# will need to revalidate this profile once we finish re-architecting
# the change_hat patch.
#include <tunables/global>
#include <abstractions/authentication>
#include <abstractions/base>
#include <abstractions/consoles>
#include <abstractions/nameservice>
#include <abstractions/wutmp>
capability sys_chroot,
capability sys_tty_config,
capability net_bind_service,
/var/run/sshd{,.init}.pid wl,
/proc/[0-9]*/loginuid w,
# should only be here for use in non-change-hat openssh
# duplicated from EXEC hat
# Call passwd for password change when expired
# stuff duplicated from PRIVSEP_MONITOR
@{HOME}/.ssh/authorized_keys{,2} r,
/proc/sys/kernel/ngroups_max r,
/proc/[0-9]*/mounts r,
# duplicated from AUTHENTICATED
/tmp/ssh-*/agent.[0-9]* rwl,
# default subprofile for when sshd has authenticated the user
#include <abstractions/base>
# subprofile for handling network input (privilege-separated child)
#include <abstractions/base>
#include <abstractions/nameservice>
capability sys_chroot,
# /dev/pts/[0-9]* rw,
# subprofile that handles authentication requests from the privilege
#include <abstractions/authentication>
#include <abstractions/base>
#include <abstractions/nameservice>
#include <abstractions/wutmp>
@{HOME}/.ssh/authorized_keys{,2} r,
/proc/sys/kernel/ngroups_max r,
/proc/[0-9]*/mounts r,
# /dev/pts/[0-9]* rw,
# subprofile for post-authentication period until the user's shell is spawned
#include <abstractions/authentication>
#include <abstractions/consoles>
#include <abstractions/nameservice>
#include <abstractions/wutmp>
capability sys_tty_config,
/etc/default/passwd r,
/proc/sys/kernel/ngroups_max r,
/tmp/ssh-*/agent.[0-9]* rwl,
# /dev/pts/[0-9]* rw,