split type transition from auth_manage_shadow
parent
e993594365
commit
8bf6f58e76
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(usermanage,1.3.4)
|
||||
policy_module(usermanage,1.3.5)
|
||||
|
||||
########################################
|
||||
#
|
||||
@ -240,6 +240,7 @@ miscfiles_read_localization(groupadd_t)
|
||||
|
||||
auth_manage_shadow(groupadd_t)
|
||||
auth_relabel_shadow(groupadd_t)
|
||||
auth_etc_filetrans_shadow(groupadd_t)
|
||||
auth_rw_lastlog(groupadd_t)
|
||||
auth_use_nsswitch(groupadd_t)
|
||||
|
||||
@ -314,6 +315,7 @@ term_use_all_user_ptys(passwd_t)
|
||||
|
||||
auth_manage_shadow(passwd_t)
|
||||
auth_relabel_shadow(passwd_t)
|
||||
auth_etc_filetrans_shadow(passwd_t)
|
||||
|
||||
# allow checking if a shell is executable
|
||||
corecmd_check_exec_shell(passwd_t)
|
||||
@ -403,6 +405,7 @@ term_use_all_user_ptys(sysadm_passwd_t)
|
||||
|
||||
auth_manage_shadow(sysadm_passwd_t)
|
||||
auth_relabel_shadow(sysadm_passwd_t)
|
||||
auth_etc_filetrans_shadow(sysadm_passwd_t)
|
||||
|
||||
# allow checking if a shell is executable
|
||||
corecmd_check_exec_shell(sysadm_passwd_t)
|
||||
@ -480,6 +483,7 @@ term_use_all_user_ptys(useradd_t)
|
||||
|
||||
auth_manage_shadow(useradd_t)
|
||||
auth_relabel_shadow(useradd_t)
|
||||
auth_etc_filetrans_shadow(useradd_t)
|
||||
auth_rw_lastlog(useradd_t)
|
||||
auth_use_nsswitch(useradd_t)
|
||||
|
||||
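Review bot: The added `auth_etc_filetrans_shadow(groupadd_t)` call has no comment saying why the transition is needed, and the same holds for the matching calls for passwd_t, sysadm_passwd_t and useradd_t in the later hunks of this file and for yppasswdd_t in the nis module. Now that the transition is a separate call, it appears to be the only thing that gives a shadow file created in /etc by these domains the shadow type rather than the directory's default type. A later cleanup could therefore drop the line without noticing the labeling consequence. A one-line comment above each call, in the style of the existing `# allow checking if a shell is executable`, would record that: `# files created in /etc while rewriting the shadow file must be labeled shadow_t`.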
|
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(nis,1.1.1)
|
||||
policy_module(nis,1.1.2)
|
||||
|
||||
########################################
|
||||
#
|
||||
@ -193,6 +193,7 @@ term_dontaudit_use_console(yppasswdd_t)
|
||||
|
||||
auth_manage_shadow(yppasswdd_t)
|
||||
auth_relabel_shadow(yppasswdd_t)
|
||||
auth_etc_filetrans_shadow(yppasswdd_t)
|
||||
|
||||
corecmd_exec_bin(yppasswdd_t)
|
||||
corecmd_exec_shell(yppasswdd_t)
|
||||
|
@ -413,11 +413,27 @@ interface(`auth_manage_shadow',`
|
||||
')
|
||||
|
||||
allow $1 shadow_t:file create_file_perms;
|
||||
files_etc_filetrans($1,shadow_t,file)
|
||||
|
||||
typeattribute $1 can_read_shadow_passwords, can_write_shadow_passwords;
|
||||
')
|
||||
|
||||
#######################################
|
||||
## <summary>
|
||||
## Automatic transition to shadow from etc.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`auth_etc_filetrans_shadow',`
|
||||
gen_require(`
|
||||
type shadow_t;
|
||||
')
|
||||
|
||||
files_etc_filetrans($1,shadow_t,file)
|
||||
')
|
||||
|
||||
#######################################
|
||||
## <summary>
|
||||
## Relabel to the shadow
|
||||
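Review bot: Taking `files_etc_filetrans($1,shadow_t,file)` out of `auth_manage_shadow` silently changes labeling for every caller that is not updated in the same commit (the +/- markers are lost on this page, but the 11-to-27 line counts and the commit title indicate the call near the top of the hunk is the removed one). The page shows five domains gaining `auth_etc_filetrans_shadow`; any other caller, in this tree or in out-of-tree policy, would from now on presumably either be denied when creating the file or create it with the default /etc label, which is typically readable far more widely than shadow_t, so the full caller list should be checked before merging. The new interface's summary should state the dependency, e.g. `## Create files in /etc with the shadow password file type; the create permission itself comes from auth_manage_shadow().`, and the `auth_manage_shadow` summary (outside this hunk) should note that it no longer includes the transition. The hunk starts inside `auth_manage_shadow` and ends inside the doc comment of the following relabel interface.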
|
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(authlogin,1.3.3)
|
||||
policy_module(authlogin,1.3.4)
|
||||
|
||||
########################################
|
||||
#
|
||||
|