From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Fri, 14 Sep 2012 20:29:33 +0200
Subject: [refpolicy] [PATCH] selinux-testsuite: Allow test domains to
	read /etc/passwd
In-Reply-To: <5051FB6A.8040106@redhat.com>
References: <1347545325.15047.34.camel@moss-pluto.epoch.ncsc.mil>
	<5051FB6A.8040106@redhat.com>
Message-ID: <CAPzO=Nxg9_DdYeJWZFPhxhh7yPyi4VrhE+6jL1udr6fq-Mo88A@mail.gmail.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Sep 13, 2012 5:40 PM, "Daniel J Walsh" <dwalsh@redhat.com> wrote:
> > selinux_compute_create_context(testdomain)
> > selinux_compute_relabel_context(testdomain)
> > selinux_compute_user_contexts(testdomain) +
+auth_read_passwd(testdomain)
> >
> Probably should use
>
> auth_use_nsswitch(testdomain)
>
> Since this will handle cases where users are listed in ldap or use sssd.

Also please try to not depend on distribution policies but rather
refpolicy. Other distributions don't use a separate type for passwd (yet?)
and I don't know if the interface suggested before is also supported.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://oss.tresys.com/pipermail/refpolicy/attachments/20120914/cfc0a1d8/attachment.html