[selinux-policy: 2448/3172] Fix auth_domtrans_chk_passwd to use read_file_perms to surpress open AVC denials.
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 22:37:22 UTC 2010
commit 03dd57fe7b25285f77e9fbfb1c96fefe79127571
Author: Dominick Grift <domg472 at gmail.com>
Date: Mon Mar 1 18:47:51 2010 +0100
Fix auth_domtrans_chk_passwd to use read_file_perms to surpress open AVC denials.
Signed-off-by: Dominick Grift <domg472 at gmail.com>
Signed-off-by: Chris PeBenito <cpebenito at tresys.com>
policy/modules/system/authlogin.if | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
---
diff --git a/policy/modules/system/authlogin.if b/policy/modules/system/authlogin.if
index 8a89f59..7f21603 100644
--- a/policy/modules/system/authlogin.if
+++ b/policy/modules/system/authlogin.if
@@ -300,7 +300,7 @@ interface(`auth_domtrans_chk_passwd',`
corecmd_search_bin($1)
domtrans_pattern($1, chkpwd_exec_t, chkpwd_t)
- dontaudit $1 shadow_t:file { getattr read };
+ dontaudit $1 shadow_t:file read_file_perms;
dev_read_rand($1)
dev_read_urand($1)
More information about the scm-commits
mailing list