From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Thu, 18 Jun 2009 09:58:10 -0400
Subject: [refpolicy] su patch
In-Reply-To: <C63C5BBD.1E64F%bwhalen@tresys.com>
References: <C63C5BBD.1E64F%bwhalen@tresys.com>
Message-ID: <1245333492.4230.593.camel@gorn>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Fri, 2009-05-22 at 13:40 -0400, Brandon Whalen wrote:
> Allow the derived su domains to run the pam cracklib module in the
> case that
> the root password has expired and the user must reset it after an su.

Merged, with a little reorganization.

> Index: policy/modules/admin/su.if
> ===================================================================
> --- policy/modules/admin/su.if    (revision 2987)
> +++ policy/modules/admin/su.if    (working copy)
> @@ -78,6 +78,9 @@
>      auth_dontaudit_read_shadow($1_su_t)
>      auth_use_nsswitch($1_su_t)
>      auth_rw_faillog($1_su_t)
> +    optional_policy(`
> +        usermanage_read_crack_db($1_su_t)
> +    ')
> 
>      domain_use_interactive_fds($1_su_t)
> 
> @@ -204,6 +207,9 @@
>      auth_dontaudit_read_shadow($1_su_t)
>      auth_use_nsswitch($1_su_t)
>      auth_rw_faillog($1_su_t)
> +    optional_policy(`
> +        usermanage_read_crack_db($1_su_t)
> +    ')
> 
>      corecmd_search_bin($1_su_t)
> 
> 
> _______________________________________________
> refpolicy mailing list
> refpolicy at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/refpolicy
> 
> 
-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150