From 03dd57fe7b25285f77e9fbfb1c96fefe79127571 Mon Sep 17 00:00:00 2001 From: Dominick Grift Date: Mon, 1 Mar 2010 18:47:51 +0100 Subject: [PATCH] Fix auth_domtrans_chk_passwd to use read_file_perms to surpress open AVC denials. Signed-off-by: Dominick Grift Signed-off-by: Chris PeBenito --- policy/modules/system/authlogin.if | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/policy/modules/system/authlogin.if b/policy/modules/system/authlogin.if index 8a89f592e..7f21603dc 100644 --- a/policy/modules/system/authlogin.if +++ b/policy/modules/system/authlogin.if @@ -300,7 +300,7 @@ interface(`auth_domtrans_chk_passwd',` corecmd_search_bin($1) domtrans_pattern($1, chkpwd_exec_t, chkpwd_t) - dontaudit $1 shadow_t:file { getattr read }; + dontaudit $1 shadow_t:file read_file_perms; dev_read_rand($1) dev_read_urand($1)