From: domg472@gmail.com (Dominick Grift)
Date: Mon, 1 Mar 2010 18:47:51 +0100
Subject: [refpolicy] [ authlogin patch 1/1] Fix auth_domtrans_chk_passwd to
 use read_file_perms to surpress open AVC denials.
Message-ID: <20100301174749.GA28521@localhost.localdomain>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Signed-off-by: Dominick Grift <domg472@gmail.com>
---
:100644 100644 8a89f59... 7f21603... M	policy/modules/system/authlogin.if
 policy/modules/system/authlogin.if |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/policy/modules/system/authlogin.if b/policy/modules/system/authlogin.if
index 8a89f59..7f21603 100644
--- a/policy/modules/system/authlogin.if
+++ b/policy/modules/system/authlogin.if
@@ -300,7 +300,7 @@ interface(`auth_domtrans_chk_passwd',`
 	corecmd_search_bin($1)
 	domtrans_pattern($1, chkpwd_exec_t, chkpwd_t)
 
-	dontaudit $1 shadow_t:file { getattr read };
+	dontaudit $1 shadow_t:file read_file_perms;
 
 	dev_read_rand($1)
 	dev_read_urand($1)
-- 
1.6.6.1

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20100301/d4eaec78/attachment.bin