# SELinux policy module that grants the sshd_t domain the extra permissions
# listed below. Judging by the module name it supports EC2 Instance Connect;
# the helper that exercises these permissions is not part of this file.
module ec2-instance-connect 1.0;

# Everything the rules reference must already exist in the loaded base
# policy; if any type, class or permission is missing the module will not
# install.
require {
    type sshd_t;
    type ssh_keygen_exec_t;
    type http_port_t;
    class tcp_socket name_connect;
    class process setpgid;
    # "map" is required alongside the other file permissions, so the base
    # policy has to define it for this module to load.
    class file { execute execute_no_trans map open read };
}

#============= sshd_t ==============

# Outbound TCP connections from sshd_t to ports labelled http_port_t.
# name_connect is keyed on the port label, not on the destination address,
# so this covers every host reachable on those ports. Check which ports carry
# the label on the target system (`semanage port -l`) when reviewing exposure.
# NOTE(review): presumably needed so a key lookup started by sshd can reach an
# HTTP endpoint -- confirm against the caller.
allow sshd_t http_port_t:tcp_socket name_connect;

# sshd_t processes may change their own process group.
allow sshd_t self:process setpgid;

# sshd_t may read, map and execute files labelled ssh_keygen_exec_t.
# execute_no_trans means the program runs without a domain transition: it
# stays in sshd_t and holds every sshd_t permission, including the network
# rule above, rather than being confined to a narrower domain of its own.
allow sshd_t ssh_keygen_exec_t:file { execute execute_no_trans map open read };