From: cpebenito@tresys.com (Christopher J. PeBenito) Date: Mon, 28 Feb 2011 09:23:08 -0500 Subject: [refpolicy] [PATCH 23/34]: patch to add needed permissions to the authlogin module In-Reply-To: <1297837671.3205.88.camel@tesla.lan> References: <1297837671.3205.88.camel@tesla.lan> Message-ID: <4D6BAFCC.3010501@tresys.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 02/16/11 01:27, Guido Trentalancia wrote: > This patch adds some needed permissions to the chkpwd_t domain > in policy/modules/system/authlogin.te. > > --- refpolicy-git-15022011/policy/modules/system/authlogin.te 2011-01-08 19:07:21.347757938 +0100 > +++ refpolicy-git-15022011-new-modified/policy/modules/system/authlogin.te 2011-02-15 22:30:53.148753919 +0100 > @@ -83,11 +83,13 @@ logging_log_file(wtmp_t) > > allow chkpwd_t self:capability { dac_override setuid }; > dontaudit chkpwd_t self:capability sys_tty_config; > -allow chkpwd_t self:process getattr; > +allow chkpwd_t self:process { getattr signal }; > > allow chkpwd_t shadow_t:file read_file_perms; > files_list_etc(chkpwd_t) > > +kernel_read_crypto_sysctls(chkpwd_t) > + > # is_selinux_enabled > kernel_read_system_state(chkpwd_t) Merged. -- Chris PeBenito Tresys Technology, LLC www.tresys.com | oss.tresys.com
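Review bot: In the authlogin.te hunk, kernel_read_crypto_sysctls(chkpwd_t) is added with no comment saying what needs it, while the kernel_read_system_state(chkpwd_t) call directly below it carries "# is_selinux_enabled"; a matching one-line comment naming the caller would keep the block consistent. The same gap applies to widening self:process from getattr to { getattr signal }: the description says only "some needed permissions", so quoting the AVC denials behind both additions would let a reviewer confirm that chkpwd_t, which already holds dac_override and setuid and reads shadow_t, is granted no more than it needs.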