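#!/bin/bash
# Repair what password-less ssh needs on ~/.ssh: tighten directory modes, then
# relabel ~/.ssh with setfiles, using only the specs from the targeted policy's
# home-directory contexts that match WHICH.
# Exit status: that of the final setfiles run.

WHICH='ssh' # extended regex for grep -E; separate alternatives with |
# NOTE(review): the original comment said "space delimited", but xargs -I takes
# one item per input line, so a second space-separated path would reach sh as
# part of the same item -- confirm before adding more entries.
# Each entry is spliced into a `sh -c` command string below, so this must stay
# a trusted constant and never come from user input.
WHERE='~/.ssh'
SEHOMEPOLICY='/etc/selinux/targeted/contexts/files/file_contexts.homedirs'

# Scratch spec file for setfiles; abort rather than continue with an empty name.
TMPFILE=$(mktemp /tmp/.XXXXX) || {
  echo "mktemp failed" >&2
  exit 1
}
# Remove the scratch file on every exit path, not only on normal completion.
trap 'rm -f -- "${TMPFILE}"' EXIT

# The command is kept as an array so the temp-file path is never word-split.
#SETFILESCMD=(setfiles -n -s -v -o - "${TMPFILE}") # dry-run
SETFILESCMD=(setfiles -s -v -o - "${TMPFILE}")

# prologue: unrelated to SELinux, but affects password-less ssh in the same way
chmod 700 -- ~/.ssh

# If ~/.ssh is a symlink, also tighten the directories between its real
# location and the home directory. Canonical paths are compared instead of
# inode numbers: stat without -L reports a symlinked home's own inode, which
# the walk would never meet, and the walk would then continue to / and never
# terminate while setting mode 700 on every directory on the way.
REALHOME=$(readlink -f ~)
CURDIR=$(dirname -- "$(readlink -f ~/.ssh)")
if [ -n "${REALHOME}" ] && [[ "${CURDIR}/" == "${REALHOME%/}/"* ]]; then
  while [ "${CURDIR}" != "${REALHOME}" ] && [ "${CURDIR}" != / ]; do
    chmod 700 -- "${CURDIR}"
    CURDIR=$(dirname -- "${CURDIR}")
  done
else
  # The real ~/.ssh lives outside the home directory: leave its parents alone.
  echo "~/.ssh does not resolve to a path below the home directory;" \
    "parent directory modes left unchanged" >&2
fi

# Keep only the policy lines matching WHICH as the spec file for setfiles.
grep -E -- "${WHICH}" "${SEHOMEPOLICY}" >>"${TMPFILE}"

# setfiles -s reads the paths to relabel from stdin; a directory is listed both
# with and without a trailing slash.
# NOTE(review): in the sh -c snippet the tilde is expanded for the [ -d ] test
# but not inside the double-quoted echo arguments, so setfiles appears to be
# given the literal string "~/.ssh" -- verify that the intended directory is
# actually relabelled.
"${SETFILESCMD[@]}" < \
  <(echo "${WHERE}" | xargs -I '{}' sh -c '[ -d {} ] && echo "{}/"; echo "{}"')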