From: dwalsh@redhat.com (Daniel J Walsh)
Date: Wed, 16 Feb 2011 15:55:23 -0500
Subject: [refpolicy] [PATCH 2/34]: patch for the usermanage module
In-Reply-To: <20110216204341.GA5937@siphos.be>
References: <1297836049.3205.31.camel@tesla.lan>
	<20110216204341.GA5937@siphos.be>
Message-ID: <4D5C39BB.9020401@redhat.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 02/16/2011 03:43 PM, Sven Vermeulen wrote:
> On Wed, Feb 16, 2011 at 07:00:49AM +0100, Guido Trentalancia wrote:
>>  # allow checking if a shell is executable
>>  corecmd_check_exec_shell(passwd_t)
>> +corecmd_exec_bin(passwd_t)
> 
> I'm curious why anything in the passwd_t domain wants to execute a bin_t
> labelled file? Afaik, the applications labelled with passwd_exec_t (and thus
> will potentially run in passwd_t) are passwd, vigr, vipw, chage, passwd,
> grpconv, pwunconv and grpunconv. Which of these is trying to execute a
> bin_t (and which command exactly)?
> 
> Wkr,
> 	Sven Vermeulen
> _______________________________________________
> refpolicy mailing list
> refpolicy at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/refpolicy
I believe this is caused by a pam plugin that attempts to contact the
gnome-keyring-daemon with the new passwd.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAk1cObsACgkQrlYvE4MpobM8FwCg6Mh2YttKGfYRHbeRvsy88tbX
c7IAni8PNqkPxIa4WFnIZqTBpKm3vK7K
=PPNf
-----END PGP SIGNATURE-----