mirror of
https://github.com/ovh/the-bastion.git
synced 2025-01-08 00:12:10 +08:00
15 lines
544 B
Text
15 lines
544 B
Text
module the-bastion 1.0;
|
|
|
|
require {
|
|
type var_t;
|
|
type sshd_t;
|
|
type user_home_t;
|
|
type user_home_dir_t;
|
|
class file { create getattr rename setattr unlink open read write };
|
|
}
|
|
|
|
# needed for user TOTP (~/.totp and ~/.totp~XXXXXX temporary file)
|
|
allow sshd_t user_home_dir_t:file { create getattr rename setattr unlink open read write };
|
|
allow sshd_t user_home_t:file unlink;
|
|
# needed for root TOTP (/var/otp/root and /var/otp/root~XXXXXX temporary file)
|
|
allow sshd_t var_t:file { create getattr rename setattr unlink open read write };
|