Received: by 2002:a25:6193:0:0:0:0:0 with SMTP id v141csp157416ybb; Tue, 7 Apr 2020 19:25:16 -0700 (PDT) X-Google-Smtp-Source: APiQypIKHkehlzIMJt86OnL3ELGY7bDu2hubhuoI3Xg9s89vp/h81mB8tBndPqW5twpSX0QHdUSu X-Received: by 2002:a9d:68d0:: with SMTP id i16mr3946829oto.291.1586312716363; Tue, 07 Apr 2020 19:25:16 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1586312716; cv=none; d=google.com; s=arc-20160816; b=sMdRft+MqhpT68lJnl/VZ5szwO2latKG+l+71iYqshzyG90VNssWPTSS0eqFtxLi9a GZfkkzcOCPzDTNsKLwib+dKlGHV/rUwVghjMqgRPqR+zIrd5FkCv9d2Hrz7zGmfK2XM9 a1Zut3AKc5NRQ+bF3yicamwVvLyFxopfRoYgV0zf+Wfi1CyD9uJwjTBoSCgGkQKDO32B ZS/S1lSKCZ4PBLe5JUw4hyxrhWeG5jlK8IYyU0Y0PGBTtm80Xy1f3CEuKfwx4BR6EdXR Djy8x38n8mBaMcwB7ovB1jvbDk4RE+lpTiUMZQgbiW/tIf5QH/gPdzf+uqNb0qUPQK8S VRKQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :message-id:date:subject:to:from:dkim-signature; bh=Rar8LuVSk2w+YJ6Ds9U94bSAaGPKCersLqQc7v43T/4=; b=r0xsuV7CsXhx0LCRlUuPNkYXgNHeTKXEyweRTVvN5hSTmJNVl3DyrGaAEOnn4/7uRb S1ItZKkPD4A8UYHWA4xPcyHtepbbzrfZTLuo9V79Gqmr010/A+BZRYrFWUww9E4gRQLV PFabRrKcNx9rVbD0dci2biqCzeW6U9Y0qvlVmKvx8mdTaZwpSzG6bvcdpQO3SCqxfd0D 23Tmno07noi1miyMR8byvyMDmr4crVNGcxLjNAWGLs+Yar6w0eTWxkZBuvewbMU8pXEO cSZHX4tb6gaZr5Xm/9S31Dan4gk++KarfaaEydOhVS73wHv5kysJn27O6IMCIL6l2LqX kBkw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@coker.com.au header.s=2008 header.b=UlTA9Gyr; spf=pass (google.com: best guess record for domain of selinux-refpolicy-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=selinux-refpolicy-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=coker.com.au Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id i132si54229oia.129.2020.04.07.19.25.14; Tue, 07 Apr 2020 19:25:16 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of selinux-refpolicy-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@coker.com.au header.s=2008 header.b=UlTA9Gyr; spf=pass (google.com: best guess record for domain of selinux-refpolicy-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=selinux-refpolicy-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=coker.com.au Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726436AbgDHCZJ (ORCPT + 13 others); Tue, 7 Apr 2020 22:25:09 -0400 Received: from smtp.sws.net.au ([46.4.88.250]:48490 "EHLO smtp.sws.net.au" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726416AbgDHCZJ (ORCPT ); Tue, 7 Apr 2020 22:25:09 -0400 Received: from liv.localnet (localhost [127.0.0.1]) by smtp.sws.net.au (Postfix) with ESMTP id E5390EC3E for ; Wed, 8 Apr 2020 12:25:07 +1000 (AEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=coker.com.au; s=2008; t=1586312708; bh=Rar8LuVSk2w+YJ6Ds9U94bSAaGPKCersLqQc7v43T/4=; l=269; h=From:To:Subject:Date:From; b=UlTA9Gyr6jU43Uws92Ew6lcsPA9GgvzaYBBx04xuJSXYv46pk1If0AZQn9wSLTtpG 8poLT7ntKRCY91HC9ArXQaeHLqCvX91zKPDPiE03gG85J8kaQpnmPAQFUM/ONoikGR FIxz65eBfPCjNpU+dcqFwWtxCtbDbkk2YDW8Q5gM= From: Russell Coker To: selinux-refpolicy@vger.kernel.org Subject: logind shadow access Date: Wed, 08 Apr 2020 12:25:01 +1000 Message-ID: <1619795.CQcUudZz10@liv> MIME-Version: 1.0 Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="us-ascii" Sender: selinux-refpolicy-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: selinux-refpolicy@vger.kernel.org # audit2allow -l < /var/log/audit/audit.log |tail -1 allow systemd_logind_t shadow_t:file read; Is there any good reason why systemd_logind might need to access /etc/shadow? -- My Main Blog http://etbe.coker.com.au/ My Documents Blog http://doc.coker.com.au/