From 4c2d1c67cea075107aadaa6d81fe456687c69e67 Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Fri, 17 Jun 2005 12:44:30 +0000 Subject: Manoj Srivastava: - Added SELinux capability, and turned it on be default. Added restorecon calls in preinst and postinst (should not matter if the machine is not SELinux aware). By and large, the changes made should have no effect unless the rules file calls --with-selinux; and even then there should be no performance hit for machines not actively running SELinux. - Modified the preinst and postinst to call restorecon to set the security context for the generated public key files. - Added a comment to /etc/pam.d/ssh to indicate that an SELinux system may want to also include pam_selinux.so. --- contrib/redhat/sshd.init | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'contrib') diff --git a/contrib/redhat/sshd.init b/contrib/redhat/sshd.init index 4ee8630c3..ffa66cd52 100755 --- a/contrib/redhat/sshd.init +++ b/contrib/redhat/sshd.init @@ -35,6 +35,9 @@ do_rsa1_keygen() { if $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then chmod 600 $RSA1_KEY chmod 644 $RSA1_KEY.pub + if type restorecon >/dev/null 2>&1; then + restorecon $RSA1_KEY.pub + fi success $"RSA1 key generation" echo else @@ -51,6 +54,9 @@ do_rsa_keygen() { if $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; then chmod 600 $RSA_KEY chmod 644 $RSA_KEY.pub + if type restorecon >/dev/null 2>&1; then + restorecon $RSA_KEY.pub + fi success $"RSA key generation" echo else @@ -67,6 +73,9 @@ do_dsa_keygen() { if $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N '' >&/dev/null; then chmod 600 $DSA_KEY chmod 644 $DSA_KEY.pub + if type restorecon >/dev/null 2>&1; then + restorecon $DSA_KEY.pub + fi success $"DSA key generation" echo else -- cgit v1.2.3