chkpwd_macros.te

Stephen Smalley sds at epoch.ncsc.mil
Wed Nov 10 15:51:10 UTC 2004


On Wed, 2004-11-10 at 10:40, Tom London wrote:
> Suggest the following:
> 
> --- SAVE/chkpwd_macros.te       2004-11-10 07:37:22.098409600 -0800
> +++ ./chkpwd_macros.te  2004-11-10 07:38:32.387484758 -0800
> @@ -67,6 +67,8 @@
> 
>  # for nscd
>  dontaudit $1_chkpwd_t var_t:dir search;
> +dontaudit $1_chkpwd_t var_run_t:dir search;
> +dontaudit $1_chkpwd_t nscd_var_run_t:dir search;
> 
>  dontaudit $1_chkpwd_t fs_t:filesystem getattr;
>  ')

Hmmm...shouldn't $1_chkpwd_t by a nscd_client_domain?  It seems
legitimate for it to perform passwd lookups via nscd.

-- 
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency




More information about the fedora-selinux-list mailing list