chkpwd_macros.te
Stephen Smalley
sds at epoch.ncsc.mil
Wed Nov 10 15:51:10 UTC 2004
On Wed, 2004-11-10 at 10:40, Tom London wrote:
> Suggest the following:
>
> --- SAVE/chkpwd_macros.te 2004-11-10 07:37:22.098409600 -0800
> +++ ./chkpwd_macros.te 2004-11-10 07:38:32.387484758 -0800
> @@ -67,6 +67,8 @@
>
> # for nscd
> dontaudit $1_chkpwd_t var_t:dir search;
> +dontaudit $1_chkpwd_t var_run_t:dir search;
> +dontaudit $1_chkpwd_t nscd_var_run_t:dir search;
>
> dontaudit $1_chkpwd_t fs_t:filesystem getattr;
> ')
Hmmm...shouldn't $1_chkpwd_t by a nscd_client_domain? It seems
legitimate for it to perform passwd lookups via nscd.
--
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency
More information about the selinux
mailing list