getpwnam and SELinux
Stephen Smalley
sds at tycho.nsa.gov
Thu Jul 2 11:52:49 UTC 2009
On Wed, 2009-07-01 at 16:15 -0700, Brian Ginn wrote:
> I have an app that I'm trying to confine.
>
>
>
> In enforcing mode, getpwnam() returns "X" for the pw_passwd field.
>
>
>
> Is there SELinux policy to allow this app to get the shadow passwd?
>
> I've tried the following without success:
>
> auth_can_read_shadow_passwords( )
>
> auth_read_shadow( )
>
> auth_tunable_read_shadow( )
>
> auth_use_nsswitch( )
Can you show us the actual denial? Run semodule -DB first if you don't
get any denials, and then run semodule -B afterward. Also, post
your .te file.
--
Stephen Smalley
National Security Agency
More information about the fedora-selinux-list
mailing list