From: cpebenito@tresys.com (Christopher J. PeBenito) Date: Fri, 4 May 2012 09:48:47 -0400 Subject: [refpolicy] [PATCH 1/1] Allow groupadd/passwd to read selinux config and context files In-Reply-To: <20120501073825.GD32060@siphos.be> References: <20120501073825.GD32060@siphos.be> Message-ID: <4FA3DE3F.8090008@tresys.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 05/01/12 03:38, Sven Vermeulen wrote: > Recent shadow utils require listing of SELinux config as well as read the file context information. > > See also > - https://bugs.gentoo.org/show_bug.cgi?id=413061 > - https://bugs.gentoo.org/show_bug.cgi?id=413065 > > Signed-off-by: Sven Vermeulen > --- > policy/modules/admin/usermanage.te | 4 +++- > 1 files changed, 3 insertions(+), 1 deletions(-) > > diff --git a/policy/modules/admin/usermanage.te b/policy/modules/admin/usermanage.te > index 3e144b9..d674f2e 100644 > --- a/policy/modules/admin/usermanage.te > +++ b/policy/modules/admin/usermanage.te > @@ -241,6 +241,7 @@ auth_relabel_shadow(groupadd_t) > auth_etc_filetrans_shadow(groupadd_t) > > seutil_read_config(groupadd_t) > +seutil_read_file_contexts(groupadd_t) > > userdom_use_unpriv_users_fds(groupadd_t) > # for when /root is the cwd > @@ -336,7 +337,8 @@ logging_send_syslog_msg(passwd_t) > > miscfiles_read_localization(passwd_t) > > -seutil_dontaudit_search_config(passwd_t) > +seutil_read_config(groupadd_t) > +seutil_read_file_contexts(groupadd_t) Looks like copy&paste errors. > userdom_use_user_terminals(passwd_t) > userdom_use_unpriv_users_fds(passwd_t) -- Chris PeBenito Tresys Technology, LLC www.tresys.com | oss.tresys.com