From: aranea@aixah.de (Luis Ressel)
Date: Tue, 12 Sep 2017 09:32:21 +0200
Subject: [refpolicy] [PATCH] cgmanager: Apply auth_use_nsswitch interface
Message-ID: <20170912073221.26455-1-aranea@aixah.de>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

From: Jason Zaman <jason@perfinion.com>

cgmanager looks up usernames in /etc/passwd, for which a map permission
may become neccessary.
---
 cgmanager.te | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/cgmanager.te b/cgmanager.te
index c3cc521..2674193 100644
--- a/cgmanager.te
+++ b/cgmanager.te
@@ -40,6 +40,8 @@ allow cgmanager_t cgmanager_run_t:dir mounton;
 kernel_domtrans_to(cgmanager_t, cgmanager_exec_t)
 kernel_read_system_state(cgmanager_t)
 
+auth_use_nsswitch(cgmanager_t)
+
 corecmd_exec_bin(cgmanager_t)
 
 domain_read_all_domains_state(cgmanager_t)
-- 
2.14.1