From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Mon, 01 Mar 2010 13:35:01 -0500
Subject: [refpolicy] [ authlogin patch 1/1] Fix auth_domtrans_chk_passwd
 to use read_file_perms to surpress open AVC denials.
In-Reply-To: <20100301174749.GA28521@localhost.localdomain>
References: <20100301174749.GA28521@localhost.localdomain>
Message-ID: <1267468501.30557.57.camel@gorn.columbia.tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Mon, 2010-03-01 at 18:47 +0100, Dominick Grift wrote:
> Signed-off-by: Dominick Grift <domg472@gmail.com>

Merged.

> ---
> :100644 100644 8a89f59... 7f21603... M	policy/modules/system/authlogin.if
>  policy/modules/system/authlogin.if |    2 +-
>  1 files changed, 1 insertions(+), 1 deletions(-)
> 
> diff --git a/policy/modules/system/authlogin.if b/policy/modules/system/authlogin.if
> index 8a89f59..7f21603 100644
> --- a/policy/modules/system/authlogin.if
> +++ b/policy/modules/system/authlogin.if
> @@ -300,7 +300,7 @@ interface(`auth_domtrans_chk_passwd',`
>  	corecmd_search_bin($1)
>  	domtrans_pattern($1, chkpwd_exec_t, chkpwd_t)
>  
> -	dontaudit $1 shadow_t:file { getattr read };
> +	dontaudit $1 shadow_t:file read_file_perms;
>  
>  	dev_read_rand($1)
>  	dev_read_urand($1)
> _______________________________________________
> refpolicy mailing list
> refpolicy at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/refpolicy

-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150