File: //usr/share/doc/selinux-policy/html/services_ssh.html
<html>
<head>
<title>
Security Enhanced Linux Reference Policy
</title>
<style type="text/css" media="all">@import "style.css";</style>
</head>
<body>
<div id="Header">Security Enhanced Linux Reference Policy</div>
<div id='Menu'>
<a href="admin.html">+
admin</a></br/>
<div id='subitem'>
</div>
<a href="apps.html">+
apps</a></br/>
<div id='subitem'>
</div>
<a href="contrib.html">+
contrib</a></br/>
<div id='subitem'>
</div>
<a href="kernel.html">+
kernel</a></br/>
<div id='subitem'>
</div>
<a href="roles.html">+
roles</a></br/>
<div id='subitem'>
</div>
<a href="services.html">+
services</a></br/>
<div id='subitem'>
- <a href='services_postgresql.html'>
postgresql</a><br/>
- <a href='services_ssh.html'>
ssh</a><br/>
- <a href='services_xserver.html'>
xserver</a><br/>
</div>
<a href="system.html">+
system</a></br/>
<div id='subitem'>
</div>
<br/><p/>
<a href="global_booleans.html">* Global Booleans </a>
<br/><p/>
<a href="global_tunables.html">* Global Tunables </a>
<p/><br/><p/>
<a href="index.html">* Layer Index</a>
<br/><p/>
<a href="booleans.html">* Boolean Index</a>
<br/><p/>
<a href="tunables.html">* Tunable Index</a>
<br/><p/>
<a href="interfaces.html">* Interface Index</a>
<br/><p/>
<a href="templates.html">* Template Index</a>
</div>
<div id="Content">
<a name="top":></a>
<h1>Layer: services</h1><p/>
<h2>Module: ssh</h2><p/>
<a href=#tunables>Tunables</a>
<a href=#interfaces>Interfaces</a>
<a href=#templates>Templates</a>
<h3>Description:</h3>
<p><p>Secure shell client and server policy.</p></p>
<hr>
<a name="tunables"></a>
<h3>Tunables: </h3>
<a name="link_ssh_chroot_rw_homedirs"></a>
<div id="interface">
<div id="codeblock">ssh_chroot_rw_homedirs</div>
<div id="description">
<h5>Default value</h5>
<p>false</p>
<h5>Description</h5>
<p>
</p><p>
allow ssh with chroot env to read and write files
in the user home directories
</p><p>
</p>
</div></div>
<a name="link_ssh_keysign"></a>
<div id="interface">
<div id="codeblock">ssh_keysign</div>
<div id="description">
<h5>Default value</h5>
<p>false</p>
<h5>Description</h5>
<p>
</p><p>
allow host key based authentication
</p><p>
</p>
</div></div>
<a name="link_ssh_sysadm_login"></a>
<div id="interface">
<div id="codeblock">ssh_sysadm_login</div>
<div id="description">
<h5>Default value</h5>
<p>false</p>
<h5>Description</h5>
<p>
</p><p>
Allow ssh logins as sysadm_r:sysadm_t
</p><p>
</p>
</div></div>
<a name="link_ssh_use_tcpd"></a>
<div id="interface">
<div id="codeblock">ssh_use_tcpd</div>
<div id="description">
<h5>Default value</h5>
<p>false</p>
<h5>Description</h5>
<p>
</p><p>
Allow sshd to use tcp wrappers
</p><p>
</p>
</div></div>
<a href=#top>Return</a>
<a name="interfaces"></a>
<h3>Interfaces: </h3>
<a name="link_ssh_agent_exec"></a>
<div id="interface">
<div id="codeblock">
<b>ssh_agent_exec</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Execute the ssh agent client in the caller domain.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>
<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>
</table>
</div>
</div>
<a name="link_ssh_agent_signal"></a>
<div id="interface">
<div id="codeblock">
<b>ssh_agent_signal</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Send generic signals to ssh_agent_type.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>
<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>
</table>
</div>
</div>
<a name="link_ssh_append_home_files"></a>
<div id="interface">
<div id="codeblock">
<b>ssh_append_home_files</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Append ssh home directory content
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>
<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>
</table>
</div>
</div>
<a name="link_ssh_delete_tmp"></a>
<div id="interface">
<div id="codeblock">
<b>ssh_delete_tmp</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Delete from the ssh temp files.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>
<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>
</table>
</div>
</div>
<a name="link_ssh_domtrans"></a>
<div id="interface">
<div id="codeblock">
<b>ssh_domtrans</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Execute the ssh daemon sshd domain.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>
<tr><td>
domain
</td><td>
<p>
Domain allowed to transition.
</p>
</td></tr>
</table>
</div>
</div>
<a name="link_ssh_domtrans_keygen"></a>
<div id="interface">
<div id="codeblock">
<b>ssh_domtrans_keygen</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Execute the ssh key generator in the ssh keygen domain.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>
<tr><td>
domain
</td><td>
<p>
Domain allowed to transition.
</p>
</td></tr>
</table>
</div>
</div>
<a name="link_ssh_dontaudit_read_server_keys"></a>
<div id="interface">
<div id="codeblock">
<b>ssh_dontaudit_read_server_keys</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Read ssh server keys
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>
<tr><td>
domain
</td><td>
<p>
Domain to not audit.
</p>
</td></tr>
</table>
</div>
</div>
<a name="link_ssh_dontaudit_rw_tcp_sockets"></a>
<div id="interface">
<div id="codeblock">
<b>ssh_dontaudit_rw_tcp_sockets</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Do not audit attempts to read and write
ssh server TCP sockets.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>
<tr><td>
domain
</td><td>
<p>
Domain to not audit.
</p>
</td></tr>
</table>
</div>
</div>
<a name="link_ssh_dontaudit_search_user_home_dir"></a>
<div id="interface">
<div id="codeblock">
<b>ssh_dontaudit_search_user_home_dir</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Dontaudit search ssh home directory
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>
<tr><td>
domain
</td><td>
<p>
Domain to not audit.
</p>
</td></tr>
</table>
</div>
</div>
<a name="link_ssh_dontaudit_use_ptys"></a>
<div id="interface">
<div id="codeblock">
<b>ssh_dontaudit_use_ptys</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Do not audit attempts to read and
write the sshd pty type.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>
<tr><td>
domain
</td><td>
<p>
Domain to not audit.
</p>
</td></tr>
</table>
</div>
</div>
<a name="link_ssh_dyntransition_to"></a>
<div id="interface">
<div id="codeblock">
<b>ssh_dyntransition_to</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Allow domain dyntransition to chroot_user_t domain.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>
<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>
</table>
</div>
</div>
<a name="link_ssh_exec"></a>
<div id="interface">
<div id="codeblock">
<b>ssh_exec</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Execute the ssh client in the caller domain.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>
<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>
</table>
</div>
</div>
<a name="link_ssh_exec_keygen"></a>
<div id="interface">
<div id="codeblock">
<b>ssh_exec_keygen</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Execute the ssh key generator in the caller domain.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>
<tr><td>
domain
</td><td>
<p>
Domain allowed to transition.
</p>
</td></tr>
</table>
</div>
</div>
<a name="link_ssh_filetrans_admin_home_content"></a>
<div id="interface">
<div id="codeblock">
<b>ssh_filetrans_admin_home_content</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Create .ssh directory in the /root directory
with an correct label.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>
<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>
</table>
</div>
</div>
<a name="link_ssh_filetrans_home_content"></a>
<div id="interface">
<div id="codeblock">
<b>ssh_filetrans_home_content</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Create .ssh directory in the user home directory
with an correct label.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>
<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>
</table>
</div>
</div>
<a name="link_ssh_filetrans_keys"></a>
<div id="interface">
<div id="codeblock">
<b>ssh_filetrans_keys</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Create .ssh directory in the user home directory
with an correct label.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>
<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>
</table>
</div>
</div>
<a name="link_ssh_getattr_server_keys"></a>
<div id="interface">
<div id="codeblock">
<b>ssh_getattr_server_keys</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Getattr ssh server keys
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>
<tr><td>
domain
</td><td>
<p>
Domain to not audit.
</p>
</td></tr>
</table>
</div>
</div>
<a name="link_ssh_getattr_user_home_dir"></a>
<div id="interface">
<div id="codeblock">
<b>ssh_getattr_user_home_dir</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Getattr ssh home directory
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>
<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>
</table>
</div>
</div>
<a name="link_ssh_initrc_domtrans"></a>
<div id="interface">
<div id="codeblock">
<b>ssh_initrc_domtrans</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Execute sshd server in the sshd domain.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>
<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>
</table>
</div>
</div>
<a name="link_ssh_manage_home_files"></a>
<div id="interface">
<div id="codeblock">
<b>ssh_manage_home_files</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Manage ssh home directory content
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>
<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>
</table>
</div>
</div>
<a name="link_ssh_read_pipes"></a>
<div id="interface">
<div id="codeblock">
<b>ssh_read_pipes</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Read a ssh server unnamed pipe.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>
<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>
</table>
</div>
</div>
<a name="link_ssh_read_state"></a>
<div id="interface">
<div id="codeblock">
<b>ssh_read_state</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Allow the domain to read state files in /proc.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>
<tr><td>
domain
</td><td>
<p>
Domain to allow access.
</p>
</td></tr>
</table>
</div>
</div>
<a name="link_ssh_read_user_home_files"></a>
<div id="interface">
<div id="codeblock">
<b>ssh_read_user_home_files</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Read ssh home directory content
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>
<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>
</table>
</div>
</div>
<a name="link_ssh_run_keygen"></a>
<div id="interface">
<div id="codeblock">
<b>ssh_run_keygen</b>(
domain
,
role
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Execute ssh-keygen in the iptables domain, and
allow the specified role the ssh-keygen domain.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>
<tr><td>
domain
</td><td>
<p>
Domain allowed to transition.
</p>
</td></tr>
<tr><td>
role
</td><td>
<p>
Role allowed access.
</p>
</td></tr>
</table>
</div>
</div>
<a name="link_ssh_rw_dgram_sockets"></a>
<div id="interface">
<div id="codeblock">
<b>ssh_rw_dgram_sockets</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Read and write ssh server unix dgram sockets.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>
<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>
</table>
</div>
</div>
<a name="link_ssh_rw_pipes"></a>
<div id="interface">
<div id="codeblock">
<b>ssh_rw_pipes</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Read and write a ssh server unnamed pipe.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>
<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>
</table>
</div>
</div>
<a name="link_ssh_rw_stream_sockets"></a>
<div id="interface">
<div id="codeblock">
<b>ssh_rw_stream_sockets</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Read and write ssh server unix domain stream sockets.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>
<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>
</table>
</div>
</div>
<a name="link_ssh_rw_tcp_sockets"></a>
<div id="interface">
<div id="codeblock">
<b>ssh_rw_tcp_sockets</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Read and write ssh server TCP sockets.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>
<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>
</table>
</div>
</div>
<a name="link_ssh_setattr_key_files"></a>
<div id="interface">
<div id="codeblock">
<b>ssh_setattr_key_files</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Set the attributes of sshd key files.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>
<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>
</table>
</div>
</div>
<a name="link_ssh_sigchld"></a>
<div id="interface">
<div id="codeblock">
<b>ssh_sigchld</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Send a SIGCHLD signal to the ssh server.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>
<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>
</table>
</div>
</div>
<a name="link_ssh_signal"></a>
<div id="interface">
<div id="codeblock">
<b>ssh_signal</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Send a generic signal to the ssh server.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>
<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>
</table>
</div>
</div>
<a name="link_ssh_signull"></a>
<div id="interface">
<div id="codeblock">
<b>ssh_signull</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Send a null signal to sshd processes.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>
<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>
</table>
</div>
</div>
<a name="link_ssh_systemctl"></a>
<div id="interface">
<div id="codeblock">
<b>ssh_systemctl</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Execute sshd server in the sshd domain.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>
<tr><td>
domain
</td><td>
<p>
Domain allowed to transition.
</p>
</td></tr>
</table>
</div>
</div>
<a name="link_ssh_tcp_connect"></a>
<div id="interface">
<div id="codeblock">
<b>ssh_tcp_connect</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Connect to SSH daemons over TCP sockets. (Deprecated)
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>
<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>
</table>
</div>
</div>
<a name="link_ssh_use_ptys"></a>
<div id="interface">
<div id="codeblock">
<b>ssh_use_ptys</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Read and write inherited sshd pty type.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>
<tr><td>
domain
</td><td>
<p>
Domain to not audit.
</p>
</td></tr>
</table>
</div>
</div>
<a href=#top>Return</a>
<a name="templates"></a>
<h3>Templates: </h3>
<a name="link_ssh_basic_client_template"></a>
<div id="template">
<div id="codeblock">
<b>ssh_basic_client_template</b>(
userdomain_prefix
,
user_domain
,
user_role
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Basic SSH client template.
</p>
<h5>Description</h5>
<p>
</p><p>
This template creates a derived domains which are used
for ssh client sessions. A derived
type is also created to protect the user ssh keys.
</p><p>
</p><p>
This template was added for NX.
</p><p>
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>
<tr><td>
userdomain_prefix
</td><td>
<p>
The prefix of the domain (e.g., user
is the prefix for user_t).
</p>
</td></tr>
<tr><td>
user_domain
</td><td>
<p>
The type of the domain.
</p>
</td></tr>
<tr><td>
user_role
</td><td>
<p>
The role associated with the user domain.
</p>
</td></tr>
</table>
</div>
</div>
<a name="link_ssh_dyntransition_domain_template"></a>
<div id="template">
<div id="codeblock">
<b>ssh_dyntransition_domain_template</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
The template to define a domain to which sshd dyntransition.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>
<tr><td>
domain
</td><td>
<p>
The prefix of the dyntransition domain
</p>
</td></tr>
</table>
</div>
</div>
<a name="link_ssh_role_template"></a>
<div id="template">
<div id="codeblock">
<b>ssh_role_template</b>(
role_prefix
,
role
,
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Role access for ssh
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>
<tr><td>
role_prefix
</td><td>
<p>
The prefix of the role (e.g., user
is the prefix for user_r).
</p>
</td></tr>
<tr><td>
role
</td><td>
<p>
Role allowed access
</p>
</td></tr>
<tr><td>
domain
</td><td>
<p>
User domain for the role
</p>
</td></tr>
</table>
</div>
</div>
<a name="link_ssh_server_template"></a>
<div id="template">
<div id="codeblock">
<b>ssh_server_template</b>(
userdomain_prefix
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
The template to define a ssh server.
</p>
<h5>Description</h5>
<p>
</p><p>
This template creates a domains to be used for
creating a ssh server. This is typically done
to have multiple ssh servers of different sensitivities,
such as for an internal network-facing ssh server, and
a external network-facing ssh server.
</p><p>
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>
<tr><td>
userdomain_prefix
</td><td>
<p>
The prefix of the server domain (e.g., sshd
is the prefix for sshd_t).
</p>
</td></tr>
</table>
</div>
</div>
<a href=#top>Return</a>
</div>
</body>
</html>