rpms/selinux-policy
5
0
Fork 0
Code Issues Pull Requests Releases Activity

split type transition from auth_manage_shadow

Browse Source
This commit is contained in:
Chris PeBenito 2006-05-03 20:29:14 +00:00
parent e993594365
commit 8bf6f58e76
4 changed files with 26 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
refpolicy/policy/modules/admin/usermanage.te
View File

@ -1,5 +1,5 @@
policy_module(usermanage,1.3.4) policy_module(usermanage,1.3.5)
######################################## ########################################
# #
@ -240,6 +240,7 @@ miscfiles_read_localization(groupadd_t)
auth_manage_shadow(groupadd_t) auth_manage_shadow(groupadd_t)
auth_relabel_shadow(groupadd_t) auth_relabel_shadow(groupadd_t)
auth_etc_filetrans_shadow(groupadd_t)
auth_rw_lastlog(groupadd_t) auth_rw_lastlog(groupadd_t)
auth_use_nsswitch(groupadd_t) auth_use_nsswitch(groupadd_t)
@ -314,6 +315,7 @@ term_use_all_user_ptys(passwd_t)
auth_manage_shadow(passwd_t) auth_manage_shadow(passwd_t)
auth_relabel_shadow(passwd_t) auth_relabel_shadow(passwd_t)
auth_etc_filetrans_shadow(passwd_t)
# allow checking if a shell is executable # allow checking if a shell is executable
corecmd_check_exec_shell(passwd_t) corecmd_check_exec_shell(passwd_t)
@ -403,6 +405,7 @@ term_use_all_user_ptys(sysadm_passwd_t)
auth_manage_shadow(sysadm_passwd_t) auth_manage_shadow(sysadm_passwd_t)
auth_relabel_shadow(sysadm_passwd_t) auth_relabel_shadow(sysadm_passwd_t)
auth_etc_filetrans_shadow(sysadm_passwd_t)
# allow checking if a shell is executable # allow checking if a shell is executable
corecmd_check_exec_shell(sysadm_passwd_t) corecmd_check_exec_shell(sysadm_passwd_t)
@ -480,6 +483,7 @@ term_use_all_user_ptys(useradd_t)
auth_manage_shadow(useradd_t) auth_manage_shadow(useradd_t)
auth_relabel_shadow(useradd_t) auth_relabel_shadow(useradd_t)
auth_etc_filetrans_shadow(useradd_t)
auth_rw_lastlog(useradd_t) auth_rw_lastlog(useradd_t)
auth_use_nsswitch(useradd_t) auth_use_nsswitch(useradd_t)

3
refpolicy/policy/modules/services/nis.te
View File

@ -1,5 +1,5 @@
policy_module(nis,1.1.1) policy_module(nis,1.1.2)
######################################## ########################################
# #
@ -193,6 +193,7 @@ term_dontaudit_use_console(yppasswdd_t)
auth_manage_shadow(yppasswdd_t) auth_manage_shadow(yppasswdd_t)
auth_relabel_shadow(yppasswdd_t) auth_relabel_shadow(yppasswdd_t)
auth_etc_filetrans_shadow(yppasswdd_t)
corecmd_exec_bin(yppasswdd_t) corecmd_exec_bin(yppasswdd_t)
corecmd_exec_shell(yppasswdd_t) corecmd_exec_shell(yppasswdd_t)

20
refpolicy/policy/modules/system/authlogin.if
View File

@ -413,11 +413,27 @@ interface(`auth_manage_shadow',`
') ')
allow $1 shadow_t:file create_file_perms; allow $1 shadow_t:file create_file_perms;
files_etc_filetrans($1,shadow_t,file)
typeattribute $1 can_read_shadow_passwords, can_write_shadow_passwords; typeattribute $1 can_read_shadow_passwords, can_write_shadow_passwords;
') ')
#######################################
## <summary>
## Automatic transition to shadow from etc.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`auth_etc_filetrans_shadow',`
gen_require(`
type shadow_t;
')
files_etc_filetrans($1,shadow_t,file)
')
####################################### #######################################
## <summary> ## <summary>
## Relabel to the shadow ## Relabel to the shadow

2
refpolicy/policy/modules/system/authlogin.te
View File

@ -1,5 +1,5 @@
policy_module(authlogin,1.3.3) policy_module(authlogin,1.3.4)
######################################## ########################################
# #