From: Jason Zaman <[email protected]>
cgmanager looks up usernames in /etc/passwd, for which a map permission
may become neccessary.
---
cgmanager.te | 2 ++
1 file changed, 2 insertions(+)
diff --git a/cgmanager.te b/cgmanager.te
index c3cc521..2674193 100644
--- a/cgmanager.te
+++ b/cgmanager.te
@@ -40,6 +40,8 @@ allow cgmanager_t cgmanager_run_t:dir mounton;
kernel_domtrans_to(cgmanager_t, cgmanager_exec_t)
kernel_read_system_state(cgmanager_t)
+auth_use_nsswitch(cgmanager_t)
+
corecmd_exec_bin(cgmanager_t)
domain_read_all_domains_state(cgmanager_t)
--
2.14.1
On 09/12/2017 03:32 AM, Luis Ressel via refpolicy wrote:
> From: Jason Zaman <[email protected]>
>
> cgmanager looks up usernames in /etc/passwd, for which a map permission
> may become neccessary.
> ---
> cgmanager.te | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/cgmanager.te b/cgmanager.te
> index c3cc521..2674193 100644
> --- a/cgmanager.te
> +++ b/cgmanager.te
> @@ -40,6 +40,8 @@ allow cgmanager_t cgmanager_run_t:dir mounton;
> kernel_domtrans_to(cgmanager_t, cgmanager_exec_t)
> kernel_read_system_state(cgmanager_t)
>
> +auth_use_nsswitch(cgmanager_t)
> +
> corecmd_exec_bin(cgmanager_t)
Merged.
--
Chris PeBenito