[tomoyo-users-en 729] Re: exception policy: aggregator behavior

Manuel Bessler manue****@gmail*****
Fri Mar 20 01:20:24 JST 2020


Never mind, I found that the sshd rule was enforcing but missed a
'file execute' entry for /bin/bash.

On Thu, Mar 19, 2020 at 10:29 AM Manuel Bessler
<manue****@gmail*****> wrote:
>
> Hi,
>
> I'm trying to make use of the aggregator feature but either I'm
> misunderstanding it or using it wrong...
>
> For example I would like to treat /bin/bash, /bin/dash, and /bin/sh
> the same, both for shell scripts and esp. for interactive shells.
> So I put this into my exception policy:
> aggregator /bin/bash /bin/sh
> aggregator /bin/dash /bin/sh
>
> And in my domain policy I reference things just by /bin/sh, e.g.:
> <kernel> /usr/sbin/sshd /bin/sh
> <kernel> /bin/sh /usr/bin/sudo /bin/sh
> <kernel> /bin/sh
>
> I was hoping that would work whether a user's shell is bash, dash, or sh.
> However, it does not work, ssh'ing in as a user with shell /bin/bash
> is not allowed until I explicitly allow
> <kernel> /usr/sbin/sshd /bin/bash
>
> I'm using Tomoyo 2.5.
>
> Thanks,
> Manuel



