From: cpebenito@tresys.com (Christopher J. PeBenito) Date: Thu, 18 Jun 2009 09:58:10 -0400 Subject: [refpolicy] su patch In-Reply-To: References: Message-ID: <1245333492.4230.593.camel@gorn> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On Fri, 2009-05-22 at 13:40 -0400, Brandon Whalen wrote: > Allow the derived su domains to run the pam cracklib module in the > case that > the root password has expired and the user must reset it after an su. Merged, with a little reorganization. > Index: policy/modules/admin/su.if > =================================================================== > --- policy/modules/admin/su.if (revision 2987) > +++ policy/modules/admin/su.if (working copy) > @@ -78,6 +78,9 @@ > auth_dontaudit_read_shadow($1_su_t) > auth_use_nsswitch($1_su_t) > auth_rw_faillog($1_su_t) > + optional_policy(` > + usermanage_read_crack_db($1_su_t) > + ') > > domain_use_interactive_fds($1_su_t) > > @@ -204,6 +207,9 @@ > auth_dontaudit_read_shadow($1_su_t) > auth_use_nsswitch($1_su_t) > auth_rw_faillog($1_su_t) > + optional_policy(` > + usermanage_read_crack_db($1_su_t) > + ') > > corecmd_search_bin($1_su_t) > > > _______________________________________________ > refpolicy mailing list > refpolicy at oss.tresys.com > http://oss.tresys.com/mailman/listinfo/refpolicy > > -- Chris PeBenito Tresys Technology, LLC (410) 290-1411 x150