brandocorp · October 24, 2016 22:19
diff --git a/usr.sbin.sshd b/usr.sbin.sshd
 usr.sbin.sshd
 # Last Modified: Mon Oct 24 22:15:48 2016
 #include <tunables/global>

 /usr/sbin/sshd flags=(complain) {
  #include <abstractions/base>
  #include <abstractions/consoles>
  #include <abstractions/nameservice>
  #include <abstractions/openssl>


  capability setgid,
  capability sys_resource,

  /etc/ssh/ssh_host_dsa_key r,
  /etc/ssh/ssh_host_dsa_key.pub r,
  /etc/ssh/ssh_host_ecdsa_key r,
  /etc/ssh/ssh_host_ecdsa_key.pub r,
  /etc/ssh/ssh_host_ed25519_key r,
  /etc/ssh/ssh_host_ed25519_key.pub r,
  /etc/ssh/ssh_host_rsa_key r,
  /etc/ssh/ssh_host_rsa_key.pub r,
  /etc/ssh/sshd_config r,
  /proc/*/fd/ r,
  /proc/*/oom_score_adj rw,
  /run/sshd.pid w,
  /usr/sbin/sshd mr,

 }
	usr.sbin.sshd
	# Last Modified: Mon Oct 24 22:15:48 2016
	#include <tunables/global>

	/usr/sbin/sshd flags=(complain) {
	#include <abstractions/base>
	#include <abstractions/consoles>
	#include <abstractions/nameservice>
	#include <abstractions/openssl>


	capability setgid,
	capability sys_resource,

	/etc/ssh/ssh_host_dsa_key r,
	/etc/ssh/ssh_host_dsa_key.pub r,
	/etc/ssh/ssh_host_ecdsa_key r,
	/etc/ssh/ssh_host_ecdsa_key.pub r,
	/etc/ssh/ssh_host_ed25519_key r,
	/etc/ssh/ssh_host_ed25519_key.pub r,
	/etc/ssh/ssh_host_rsa_key r,
	/etc/ssh/ssh_host_rsa_key.pub r,
	/etc/ssh/sshd_config r,
	/proc/*/fd/ r,
	/proc/*/oom_score_adj rw,
	/run/sshd.pid w,
	/usr/sbin/sshd mr,

	}