From: guido@trentalancia.com (Guido Trentalancia) Date: Wed, 16 Feb 2011 07:00:49 +0100 Subject: [refpolicy] [PATCH 2/34]: patch for the usermanage module Message-ID: <1297836049.3205.31.camel@tesla.lan> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com This patch adds some needed permissions for passwd_t in policy/modules/admin/usermanage.te. --- refpolicy-git-15022011/policy/modules/admin/usermanage.te 2011-01-08 19:07:21.173730458 +0100 +++ refpolicy-git-15022011-new-modified/policy/modules/admin/usermanage.te 2011-02-15 22:46:11.980230160 +0100 @@ -273,6 +273,7 @@ allow passwd_t self:msg { send receive } allow passwd_t crack_db_t:dir list_dir_perms; read_files_pattern(passwd_t, crack_db_t, crack_db_t) +kernel_read_crypto_sysctls(passwd_t) kernel_read_kernel_sysctls(passwd_t) # for SSP @@ -291,8 +292,7 @@ selinux_compute_create_context(passwd_t) selinux_compute_relabel_context(passwd_t) selinux_compute_user_contexts(passwd_t) -term_use_all_ttys(passwd_t) -term_use_all_ptys(passwd_t) +term_use_all_terms(passwd_t) auth_domtrans_chk_passwd(passwd_t) auth_manage_shadow(passwd_t) @@ -302,6 +302,7 @@ auth_use_nsswitch(passwd_t) # allow checking if a shell is executable corecmd_check_exec_shell(passwd_t) +corecmd_exec_bin(passwd_t) domain_use_interactive_fds(passwd_t)
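Review bot: In the first hunk (@@ -273,6 +273,7 @@), the added kernel_read_crypto_sysctls(passwd_t) carries no comment, and the description only says "some needed permissions". Please state what triggers the access, ideally by quoting the AVC denial in the commit message, or add a short comment above the line in the style of the nearby "# for SSP" remark, so the rule can be audited later.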
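Review bot: In the second hunk (@@ -291,8 +292,7), replacing term_use_all_ttys(passwd_t) and term_use_all_ptys(passwd_t) with term_use_all_terms(passwd_t) is not covered by the description, which speaks only of adding permissions. Please say in the commit message whether this is a pure consolidation or whether term_use_all_terms grants passwd_t access to terminal types beyond the two removed interfaces; if it does, name the extra access and why passwd_t needs it.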
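Review bot: In the third hunk (@@ -302,6 +302,7), corecmd_exec_bin(passwd_t) is a broad grant for a domain that also has auth_manage_shadow(passwd_t): it lets passwd_t run generic programs from the bin directories in its own domain. Please name the program that passwd actually executes and consider a narrower interface or a domain transition for it. The new line also sits directly under the comment "# allow checking if a shell is executable", which does not describe it, so give it its own comment or separate it with a blank line.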