Secure shell client and server policy.
Execute the ssh daemon sshd domain.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Execute the ssh key generator in the ssh keygen domain.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Read ssh server keys
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Do not audit attempts to read and write ssh server TCP sockets.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain to not audit. | No |
dontaudit use of file descriptor from the ssh-agent.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Execute the ssh client in the caller domain.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Read a ssh server unnamed pipe.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Read and write ssh server unix domain stream sockets.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Read and write ssh server TCP sockets.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Read ssh server keys
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Send a SIGCHLD signal to the ssh server.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Connect to SSH daemons over TCP sockets. (Deprecated)
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Inherit and use a file descriptor from the ssh-agent.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Basic SSH client template.
This template creates a derived domains which are used for ssh client sessions. A derived type is also created to protect the user ssh keys.
This template was added for NX.
Parameter: | Description: | Optional: |
---|---|---|
userdomain_prefix |
The prefix of the domain (e.g., user is the prefix for user_t). | No |
user_domain |
The type of the domain. | No |
user_role |
The role associated with the user domain. | No |
The per role template for the ssh module.
This template creates a derived domains which are used for ssh client sessions and user ssh agents. A derived type is also created to protect the user ssh keys.
This template is invoked automatically for each user, and generally does not need to be invoked directly by policy writers.
Parameter: | Description: | Optional: |
---|---|---|
userdomain_prefix |
The prefix of the user domain (e.g., user is the prefix for user_t). | No |
user_domain |
The type of the user domain. | No |
user_role |
The role associated with the user domain. | No |
The template to define a ssh server.
This template creates a domains to be used for creating a ssh server. This is typically done to have multiple ssh servers of different sensitivities, such as for an internal network-facing ssh server, and a external network-facing ssh server.
Parameter: | Description: | Optional: |
---|---|---|
userdomain_prefix |
The prefix of the server domain (e.g., sshd is the prefix for sshd_t). | No |