[selinux-policy: 2221/3172] Handle unix_chkpwd usage by useradd and groupadd; fixes ticket #49.

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 22:17:11 UTC 2010 

commit 02e594d5dcfa7a91a62fa56c81b510c19bde618a
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Wed Aug 5 14:19:54 2009 -0400

    Handle unix_chkpwd usage by useradd and groupadd; fixes ticket #49.

 Changelog                          |    1 +
 policy/modules/admin/usermanage.te |   18 ++++++++++++------
 2 files changed, 13 insertions(+), 6 deletions(-)
---
diff --git a/Changelog b/Changelog
index ed012d1..ffc191a 100644
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,4 @@
+- Handle unix_chkpwd usage by useradd and groupadd.
 - Add missing compatibility aliases for xdm_xserver*_t types.
 
 * Thu Jul 30 2009 Chris PeBenito <selinux at tresys.com> - 2.20090730
diff --git a/policy/modules/admin/usermanage.te b/policy/modules/admin/usermanage.te
index 307cff7..1865872 100644
--- a/policy/modules/admin/usermanage.te
+++ b/policy/modules/admin/usermanage.te
@@ -1,5 +1,5 @@
 
-policy_module(usermanage, 1.13.0)
+policy_module(usermanage, 1.13.1)
 
 ########################################
 #
@@ -218,11 +218,14 @@ logging_send_syslog_msg(groupadd_t)
 
 miscfiles_read_localization(groupadd_t)
 
+auth_domtrans_chk_passwd(groupadd_t)
+auth_rw_lastlog(groupadd_t)
+auth_use_nsswitch(groupadd_t)
+# these may be unnecessary due to the above
+# domtrans_chk_passwd() call.
 auth_manage_shadow(groupadd_t)
 auth_relabel_shadow(groupadd_t)
 auth_etc_filetrans_shadow(groupadd_t)
-auth_rw_lastlog(groupadd_t)
-auth_use_nsswitch(groupadd_t)
 
 seutil_read_config(groupadd_t)
 
@@ -465,12 +468,15 @@ selinux_compute_user_contexts(useradd_t)
 term_use_all_user_ttys(useradd_t)
 term_use_all_user_ptys(useradd_t)
 
-auth_manage_shadow(useradd_t)
-auth_relabel_shadow(useradd_t)
-auth_etc_filetrans_shadow(useradd_t)
+auth_domtrans_chk_passwd(useradd_t)
 auth_rw_lastlog(useradd_t)
 auth_rw_faillog(useradd_t)
 auth_use_nsswitch(useradd_t)
+# these may be unnecessary due to the above
+# domtrans_chk_passwd() call.
+auth_manage_shadow(useradd_t)
+auth_relabel_shadow(useradd_t)
+auth_etc_filetrans_shadow(useradd_t)
 
 init_use_fds(useradd_t)
 init_rw_utmp(useradd_t)

More information about the scm-commits mailing list