Add default contexts for sshd-seesion

In openssh-9.9 (Fedora 41), the sshd server has been split into a listener
binary, sshd(8), and a per-session binary, "sshd-session".

sshd-session runs in a new domain sshd_session_t, which is now used to
transition into an appropriate login context.

Signed-off-by: Vit Mojzis <[email protected]>

Author: vmojzis

config/appconfig-mcs/default_contexts

@@ -2,6 +2,7 @@ system_r:crond_t:s0		user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 un
 system_r:local_login_t:s0	user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0
 system_r:remote_login_t:s0	user_r:user_t:s0 staff_r:staff_t:s0 unconfined_r:unconfined_t:s0
 system_r:sshd_t:s0		user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0
+system_r:sshd_session_t:s0	user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0
 system_r:sulogin_t:s0		sysadm_r:sysadm_t:s0
 system_r:xdm_t:s0		user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0
 

config/appconfig-mcs/guest_u_default_contexts

@@ -4,5 +4,6 @@ system_r:initrc_su_t:s0		guest_r:guest_t:s0
 system_r:local_login_t:s0	guest_r:guest_t:s0
 system_r:remote_login_t:s0	guest_r:guest_t:s0
 system_r:sshd_t:s0		guest_r:guest_t:s0
+system_r:sshd_session_t:s0		guest_r:guest_t:s0
 system_r:cockpit_session_t:s0		guest_r:guest_t:s0
 system_r:init_t:s0		guest_r:guest_t:s0

config/appconfig-mcs/root_default_contexts

@@ -9,3 +9,4 @@ user_r:user_su_t:s0		unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:s
 # Uncomment if you want to automatically login as sysadm_r
 #
 #system_r:sshd_t:s0		unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
+#system_r:sshd_session_t:s0		unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0

config/appconfig-mcs/staff_u_default_contexts

@@ -1,6 +1,7 @@
 system_r:local_login_t:s0	staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
 system_r:remote_login_t:s0	staff_r:staff_t:s0
 system_r:sshd_t:s0		staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
+system_r:sshd_session_t:s0		staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
 system_r:cockpit_session_t:s0		staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
 system_r:crond_t:s0		staff_r:staff_t:s0 staff_r:cronjob_t:s0
 system_r:xdm_t:s0		staff_r:staff_t:s0

config/appconfig-mcs/sysadm_u_default_contexts

@@ -1,6 +1,7 @@
 system_r:local_login_t:s0	sysadm_r:sysadm_t:s0
 system_r:remote_login_t:s0	sysadm_r:sysadm_t:s0
 system_r:sshd_t:s0		sysadm_r:sysadm_t:s0
+system_r:sshd_session_t:s0		sysadm_r:sysadm_t:s0
 system_r:cockpit_session_t:s0		sysadm_r:sysadm_t:s0
 system_r:crond_t:s0		sysadm_r:sysadm_t:s0
 system_r:xdm_t:s0		sysadm_r:sysadm_t:s0

config/appconfig-mcs/unconfined_u_default_contexts

@@ -4,6 +4,7 @@ system_r:local_login_t:s0	unconfined_r:unconfined_t:s0
 system_r:remote_login_t:s0	unconfined_r:unconfined_t:s0
 system_r:rshd_t:s0		unconfined_r:unconfined_t:s0
 system_r:sshd_t:s0		unconfined_r:unconfined_t:s0
+system_r:sshd_session_t:s0	unconfined_r:unconfined_t:s0
 system_r:cockpit_session_t:s0		unconfined_r:unconfined_t:s0
 system_r:sysadm_su_t:s0		unconfined_r:unconfined_t:s0
 system_r:unconfined_t:s0	unconfined_r:unconfined_t:s0

config/appconfig-mcs/user_u_default_contexts

@@ -2,6 +2,7 @@ system_r:init_t:s0	user_r:user_t:s0
 system_r:local_login_t:s0	user_r:user_t:s0
 system_r:remote_login_t:s0	user_r:user_t:s0
 system_r:sshd_t:s0		user_r:user_t:s0
+system_r:sshd_session_t:s0		user_r:user_t:s0
 system_r:cockpit_session_t:s0		user_r:user_t:s0
 system_r:crond_t:s0		user_r:user_t:s0 user_r:cronjob_t:s0
 system_r:xdm_t:s0		user_r:user_t:s0

config/appconfig-mcs/xguest_u_default_contexts

@@ -3,6 +3,7 @@ system_r:initrc_su_t:s0		xguest_r:xguest_t:s0
 system_r:local_login_t:s0	xguest_r:xguest_t:s0
 system_r:remote_login_t:s0	xguest_r:xguest_t:s0
 system_r:sshd_t:s0		xguest_r:xguest_t:s0
+system_r:sshd_session_t:s0		xguest_r:xguest_t:s0
 system_r:cockpit_session_t:s0		xguest_r:xguest_t:s0
 system_r:xdm_t:s0		xguest_r:xguest_t:s0
 system_r:init_t:s0		xguest_r:xguest_t:s0

config/appconfig-mls/default_contexts

@@ -2,6 +2,7 @@ system_r:crond_t:s0		user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 un
 system_r:local_login_t:s0	user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0
 system_r:remote_login_t:s0	user_r:user_t:s0 staff_r:staff_t:s0 unconfined_r:unconfined_t:s0
 system_r:sshd_t:s0		user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0
+system_r:sshd_session_t:s0	user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0
 system_r:sulogin_t:s0		sysadm_r:sysadm_t:s0
 system_r:xdm_t:s0		user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0
 

config/appconfig-mls/guest_u_default_contexts

@@ -3,5 +3,6 @@ system_r:crond_t:s0		guest_r:guest_t:s0
 system_r:local_login_t:s0	guest_r:guest_t:s0
 system_r:remote_login_t:s0	guest_r:guest_t:s0
 system_r:sshd_t:s0		guest_r:guest_t:s0
+system_r:sshd_session_t:s0		guest_r:guest_t:s0
 system_r:cockpit_session_t:s0		guest_r:guest_t:s0
 system_r:init_t:s0		guest_r:guest_t:s0