RepoMirrors
/
selinux-refpolicy
mirror of https://github.com/SELinuxProject/refpolicy
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Allow groupadd/passwd to read selinux config and context files 

Recent shadow utils require listing of SELinux config as well as read the file context information.

See also
- https://bugs.gentoo.org/show_bug.cgi?id=413061
- https://bugs.gentoo.org/show_bug.cgi?id=413065

Changes since v1
- use correct domain (passwd_t)

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
This commit is contained in:
Sven Vermeulen 2012-05-07 20:47:35 +02:00 committed by Chris PeBenito
parent 8e00a439ef
commit 2f28a01206
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
policy/modules/admin/usermanage.te
View File

@ -241,6 +241,7 @@ auth_relabel_shadow(groupadd_t)
auth_etc_filetrans_shadow(groupadd_t)
seutil_read_config(groupadd_t)
seutil_read_file_contexts(groupadd_t)
userdom_use_unpriv_users_fds(groupadd_t)
# for when /root is the cwd
@ -336,7 +337,8 @@ logging_send_syslog_msg(passwd_t)
miscfiles_read_localization(passwd_t)
seutil_dontaudit_search_config(passwd_t)
seutil_read_config(passwd_t)
seutil_read_file_contexts(passwd_t)
userdom_use_user_terminals(passwd_t)
userdom_use_unpriv_users_fds(passwd_t)