[selinux-policy: 1419/3172] split type transition from auth_manage_shadow
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 21:08:02 UTC 2010
commit 8bf6f58e760b42e12e61878bf99575ddbd2a6315
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Wed May 3 20:29:14 2006 +0000
split type transition from auth_manage_shadow
refpolicy/policy/modules/admin/usermanage.te | 6 +++++-
refpolicy/policy/modules/services/nis.te | 3 ++-
refpolicy/policy/modules/system/authlogin.if | 20 ++++++++++++++++++--
refpolicy/policy/modules/system/authlogin.te | 2 +-
4 files changed, 26 insertions(+), 5 deletions(-)
---
diff --git a/refpolicy/policy/modules/admin/usermanage.te b/refpolicy/policy/modules/admin/usermanage.te
index 2742509..8c3897a 100644
--- a/refpolicy/policy/modules/admin/usermanage.te
+++ b/refpolicy/policy/modules/admin/usermanage.te
@@ -1,5 +1,5 @@
-policy_module(usermanage,1.3.4)
+policy_module(usermanage,1.3.5)
########################################
#
@@ -240,6 +240,7 @@ miscfiles_read_localization(groupadd_t)
auth_manage_shadow(groupadd_t)
auth_relabel_shadow(groupadd_t)
+auth_etc_filetrans_shadow(groupadd_t)
auth_rw_lastlog(groupadd_t)
auth_use_nsswitch(groupadd_t)
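Review bot: The added `auth_etc_filetrans_shadow(groupadd_t)` call carries no comment on how broad the transition is: as defined in authlogin.if it is `files_etc_filetrans($1,shadow_t,file)`, keyed only on the parent directory type and the object class. Presumably every regular file this domain creates in /etc therefore comes out as shadow_t, not only the shadow file. A comment above the call such as `# files created in /etc default to shadow_t; anything else must be relabeled` would make that explicit for the next maintainer. The same applies to the passwd_t, sysadm_passwd_t and useradd_t hunks in this file and to the yppasswdd_t hunk in nis.te. The surrounding policy block starts and ends outside the hunk.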
@@ -314,6 +315,7 @@ term_use_all_user_ptys(passwd_t)
auth_manage_shadow(passwd_t)
auth_relabel_shadow(passwd_t)
+auth_etc_filetrans_shadow(passwd_t)
# allow checking if a shell is executable
corecmd_check_exec_shell(passwd_t)
@@ -403,6 +405,7 @@ term_use_all_user_ptys(sysadm_passwd_t)
auth_manage_shadow(sysadm_passwd_t)
auth_relabel_shadow(sysadm_passwd_t)
+auth_etc_filetrans_shadow(sysadm_passwd_t)
# allow checking if a shell is executable
corecmd_check_exec_shell(sysadm_passwd_t)
@@ -480,6 +483,7 @@ term_use_all_user_ptys(useradd_t)
auth_manage_shadow(useradd_t)
auth_relabel_shadow(useradd_t)
+auth_etc_filetrans_shadow(useradd_t)
auth_rw_lastlog(useradd_t)
auth_use_nsswitch(useradd_t)
diff --git a/refpolicy/policy/modules/services/nis.te b/refpolicy/policy/modules/services/nis.te
index 137b5f1..98cbbc7 100644
--- a/refpolicy/policy/modules/services/nis.te
+++ b/refpolicy/policy/modules/services/nis.te
@@ -1,5 +1,5 @@
-policy_module(nis,1.1.1)
+policy_module(nis,1.1.2)
########################################
#
@@ -193,6 +193,7 @@ term_dontaudit_use_console(yppasswdd_t)
auth_manage_shadow(yppasswdd_t)
auth_relabel_shadow(yppasswdd_t)
+auth_etc_filetrans_shadow(yppasswdd_t)
corecmd_exec_bin(yppasswdd_t)
corecmd_exec_shell(yppasswdd_t)
diff --git a/refpolicy/policy/modules/system/authlogin.if b/refpolicy/policy/modules/system/authlogin.if
index dddd366..4c4e40b 100644
--- a/refpolicy/policy/modules/system/authlogin.if
+++ b/refpolicy/policy/modules/system/authlogin.if
@@ -413,13 +413,29 @@ interface(`auth_manage_shadow',`
')
allow $1 shadow_t:file create_file_perms;
- files_etc_filetrans($1,shadow_t,file)
-
typeattribute $1 can_read_shadow_passwords, can_write_shadow_passwords;
')
#######################################
## <summary>
+## Automatic transition to shadow from etc.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`auth_etc_filetrans_shadow',`
+ gen_require(`
+ type shadow_t;
+ ')
+
+ files_etc_filetrans($1,shadow_t,file)
+')
+
+#######################################
+## <summary>
## Relabel to the shadow
## password file type.
## </summary>
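Review bot: Dropping `files_etc_filetrans($1,shadow_t,file)` from auth_manage_shadow changes behaviour for any caller that is not updated alongside it. Such a domain keeps `create_file_perms` on shadow_t, but a file it creates in /etc would presumably take the directory's default type instead, which could leave a rewritten shadow file under a less restrictive label. The commit adds auth_etc_filetrans_shadow to the callers in usermanage.te and nis.te; it is worth confirming that no other caller of auth_manage_shadow remains in the tree. The new interface's summary is also terse: I would write `## Create files in /etc with the shadow password file type.` and state in the doc block that, as far as the visible body shows, it adds only the transition and is meant to be paired with auth_manage_shadow. auth_manage_shadow begins above this hunk and the relabel interface continues below it.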
diff --git a/refpolicy/policy/modules/system/authlogin.te b/refpolicy/policy/modules/system/authlogin.te
index ee05883..5bcf97f 100644
--- a/refpolicy/policy/modules/system/authlogin.te
+++ b/refpolicy/policy/modules/system/authlogin.te
@@ -1,5 +1,5 @@
-policy_module(authlogin,1.3.3)
+policy_module(authlogin,1.3.4)
########################################
#