From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Wed, 28 Mar 2012 18:53:23 +0200
Subject: [refpolicy] chsh (chfn_t) to access /etc/.pwd.lock (shadow_t) ?
In-Reply-To: <65fee91c-9c87-472b-ad30-a8ba9486c276@email.android.com>
References: <20120327192447.GA2101@siphos.be>
	<1d3c1e37-c258-47c6-8f6c-fda28ec65f71@email.android.com>
	<65fee91c-9c87-472b-ad30-a8ba9486c276@email.android.com>
Message-ID: <20120328165323.GB3116@siphos.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Wed, Mar 28, 2012 at 10:51:57AM +1100, Russell Coker wrote:
> We should probably make "vipw -s" spawn a program named vipw-s (or something similar) so we can have different contexts for editing etc_t and shadow_t.

It might be easier just to use a named file transition here...

Wkr,
	Sven Vermeulen