From 02e594d5dcfa7a91a62fa56c81b510c19bde618a Mon Sep 17 00:00:00 2001
From: Chris PeBenito
Date: Wed, 5 Aug 2009 14:19:54 -0400
Subject: [PATCH] Handle unix_chkpwd usage by useradd and groupadd; fixes ticket #49.

---
 Changelog | 1 +
 policy/modules/admin/usermanage.te | 18 ++++++++++++------
 2 files changed, 13 insertions(+), 6 deletions(-)

diff --git a/Changelog b/Changelog
index ed012d12..ffc191ad 100644
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,4 @@
+- Handle unix_chkpwd usage by useradd and groupadd.
 - Add missing compatibility aliases for xdm_xserver*_t types.
 
 * Thu Jul 30 2009 Chris PeBenito - 2.20090730
diff --git a/policy/modules/admin/usermanage.te b/policy/modules/admin/usermanage.te
index 307cff77..1865872d 100644
--- a/policy/modules/admin/usermanage.te
+++ b/policy/modules/admin/usermanage.te
@@ -1,5 +1,5 @@
 
-policy_module(usermanage, 1.13.0)
+policy_module(usermanage, 1.13.1)
 
 ########################################
 #
@@ -218,11 +218,14 @@ logging_send_syslog_msg(groupadd_t)
 
 miscfiles_read_localization(groupadd_t)
 
+auth_domtrans_chk_passwd(groupadd_t)
+auth_rw_lastlog(groupadd_t)
+auth_use_nsswitch(groupadd_t)
+# these may be unnecessary due to the above
+# domtrans_chk_passwd() call.
 auth_manage_shadow(groupadd_t)
 auth_relabel_shadow(groupadd_t)
 auth_etc_filetrans_shadow(groupadd_t)
-auth_rw_lastlog(groupadd_t)
-auth_use_nsswitch(groupadd_t)
 
 seutil_read_config(groupadd_t)
 
@@ -465,12 +468,15 @@ selinux_compute_user_contexts(useradd_t)
 term_use_all_user_ttys(useradd_t)
 term_use_all_user_ptys(useradd_t)
 
-auth_manage_shadow(useradd_t)
-auth_relabel_shadow(useradd_t)
-auth_etc_filetrans_shadow(useradd_t)
+auth_domtrans_chk_passwd(useradd_t)
 auth_rw_lastlog(useradd_t)
 auth_rw_faillog(useradd_t)
 auth_use_nsswitch(useradd_t)
+# these may be unnecessary due to the above
+# domtrans_chk_passwd() call.
+auth_manage_shadow(useradd_t)
+auth_relabel_shadow(useradd_t)
+auth_etc_filetrans_shadow(useradd_t)
 
 init_use_fds(useradd_t)
 init_rw_utmp(useradd_t)
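Review bot: The comment added above `auth_manage_shadow(groupadd_t)`, `auth_relabel_shadow(groupadd_t)` and `auth_etc_filetrans_shadow(groupadd_t)` says they "may be unnecessary" but gives no criterion for deciding, and the same comment is repeated for `useradd_t` in the following hunk. Judging by its name, `auth_domtrans_chk_passwd` lets the domain run the password-checking helper in a separate domain, while these tools presumably still rewrite the shadow files themselves, so the transition may not replace direct access at all. Manage and relabel access to shadow is a sensitive grant, so I would state what has to be verified, e.g. `# TODO: check audit logs to confirm whether direct shadow access is still required before removing these.` The groupadd_t and useradd_t rule blocks start and end outside both hunks, so any other shadow-related rules for these domains are not visible here.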