From: sven.vermeulen@siphos.be (Sven Vermeulen) Date: Wed, 28 Mar 2012 18:53:23 +0200 Subject: [refpolicy] chsh (chfn_t) to access /etc/.pwd.lock (shadow_t) ? In-Reply-To: <65fee91c-9c87-472b-ad30-a8ba9486c276@email.android.com> References: <20120327192447.GA2101@siphos.be> <1d3c1e37-c258-47c6-8f6c-fda28ec65f71@email.android.com> <65fee91c-9c87-472b-ad30-a8ba9486c276@email.android.com> Message-ID: <20120328165323.GB3116@siphos.be> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On Wed, Mar 28, 2012 at 10:51:57AM +1100, Russell Coker wrote: > We should probably make "vipw -s" spawn a program named vipw-s (or something similar) so we can have different contexts for editing etc_t and shadow_t. It might be easier just to use a named file transition here... Wkr, Sven Vermeulen