From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Wed, 28 Dec 2011 20:35:28 +0100
Subject: [refpolicy] [PATCH 1/2] Mark mkhomedir_helper as
	oddjob_mkhomedir_exec_t
In-Reply-To: <20111228193436.GA18269@siphos.be>
References: <20111228193436.GA18269@siphos.be>
Message-ID: <20111228193528.GB18269@siphos.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

The mkhomedir_helper application (part of the PAM distribution) is here marked as an oddjob_mkhomedir_exec_t type so that
calls from applications that have oddjob_mkhomedir_domtrans() rights (or _run()) succeed in the correct domain.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
---
 oddjob.fc |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/oddjob.fc b/oddjob.fc
index bdf8c89..734253e 100644
--- a/oddjob.fc
+++ b/oddjob.fc
@@ -2,4 +2,6 @@
 
 /usr/sbin/oddjobd		--	gen_context(system_u:object_r:oddjob_exec_t,s0)
 
+/sbin/mkhomedir_helper		--	gen_context(system_u:object_r:oddjob_mkhomedir_exec_t,s0)
+
 /var/run/oddjobd\.pid			gen_context(system_u:object_r:oddjob_var_run_t,s0)
-- 
1.7.3.4