[selinux-policy: 2221/3172] Handle unix_chkpwd usage by useradd and groupadd; fixes ticket #49.
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 22:17:11 UTC 2010
commit 02e594d5dcfa7a91a62fa56c81b510c19bde618a
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Wed Aug 5 14:19:54 2009 -0400
Handle unix_chkpwd usage by useradd and groupadd; fixes ticket #49.
Changelog | 1 +
policy/modules/admin/usermanage.te | 18 ++++++++++++------
2 files changed, 13 insertions(+), 6 deletions(-)
---
diff --git a/Changelog b/Changelog
index ed012d1..ffc191a 100644
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,4 @@
+- Handle unix_chkpwd usage by useradd and groupadd.
- Add missing compatibility aliases for xdm_xserver*_t types.
* Thu Jul 30 2009 Chris PeBenito <selinux at tresys.com> - 2.20090730
diff --git a/policy/modules/admin/usermanage.te b/policy/modules/admin/usermanage.te
index 307cff7..1865872 100644
--- a/policy/modules/admin/usermanage.te
+++ b/policy/modules/admin/usermanage.te
@@ -1,5 +1,5 @@
-policy_module(usermanage, 1.13.0)
+policy_module(usermanage, 1.13.1)
########################################
#
@@ -218,11 +218,14 @@ logging_send_syslog_msg(groupadd_t)
miscfiles_read_localization(groupadd_t)
+auth_domtrans_chk_passwd(groupadd_t)
+auth_rw_lastlog(groupadd_t)
+auth_use_nsswitch(groupadd_t)
+# these may be unnecessary due to the above
+# domtrans_chk_passwd() call.
auth_manage_shadow(groupadd_t)
auth_relabel_shadow(groupadd_t)
auth_etc_filetrans_shadow(groupadd_t)
-auth_rw_lastlog(groupadd_t)
-auth_use_nsswitch(groupadd_t)
seutil_read_config(groupadd_t)
@@ -465,12 +468,15 @@ selinux_compute_user_contexts(useradd_t)
term_use_all_user_ttys(useradd_t)
term_use_all_user_ptys(useradd_t)
-auth_manage_shadow(useradd_t)
-auth_relabel_shadow(useradd_t)
-auth_etc_filetrans_shadow(useradd_t)
+auth_domtrans_chk_passwd(useradd_t)
auth_rw_lastlog(useradd_t)
auth_rw_faillog(useradd_t)
auth_use_nsswitch(useradd_t)
+# these may be unnecessary due to the above
+# domtrans_chk_passwd() call.
+auth_manage_shadow(useradd_t)
+auth_relabel_shadow(useradd_t)
+auth_etc_filetrans_shadow(useradd_t)
init_use_fds(useradd_t)
init_rw_utmp(useradd_t)
More information about the scm-commits
mailing list