From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Wed, 16 Feb 2011 21:43:41 +0100
Subject: [refpolicy] [PATCH 2/34]: patch for the usermanage module
In-Reply-To: <1297836049.3205.31.camel@tesla.lan>
References: <1297836049.3205.31.camel@tesla.lan>
Message-ID: <20110216204341.GA5937@siphos.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Wed, Feb 16, 2011 at 07:00:49AM +0100, Guido Trentalancia wrote:
>  # allow checking if a shell is executable
>  corecmd_check_exec_shell(passwd_t)
> +corecmd_exec_bin(passwd_t)

I'm curious why anything in the passwd_t domain wants to execute a bin_t
labelled file? Afaik, the applications labelled with passwd_exec_t (and thus
will potentially run in passwd_t) are passwd, vigr, vipw, chage, passwd,
grpconv, pwunconv and grpunconv. Which of these is trying to execute a
bin_t (and which command exactly)?

Wkr,
	Sven Vermeulen