trunk: Allow unix_update to change the security attributes associate with files so

that it can properly create the shadow file. Also allow it to read from
urandom so that it can add salt to the password hash.
This commit is contained in:
Chris PeBenito 2009-06-18 13:57:26 +00:00
parent df28a0c444
commit c7dc1c7222
3 changed files with 12 additions and 1 deletions

View File

@ -1,3 +1,4 @@
- Crack db access for su to handle password expiration, from Brandon Whalen.
- Misc fixes for unix_update from Brandon Whalen.
- Add x_device permissions for XI2 functions, from Eamon Walsh.
- MLS constraints for the x_selection class, from Eamon Walsh.

View File

@ -126,6 +126,11 @@ template(`su_restricted_domain_template', `
kerberos_use($1_su_t)
')
optional_policy(`
# used when the password has expired
usermanage_read_crack_db($1_su_t)
')
ifdef(`TODO',`
# Caused by su - init scripts
dontaudit $1_su_t initrc_devpts_t:chr_file { getattr ioctl };
@ -292,6 +297,11 @@ template(`su_role_template',`
kerberos_use($1_su_t)
')
optional_policy(`
# used when the password has expired
usermanage_read_crack_db($1_su_t)
')
# Modify .Xauthority file (via xauth program).
optional_policy(`
xserver_user_home_dir_filetrans_user_xauth($1_su_t)

View File

@ -1,5 +1,5 @@
policy_module(su, 1.9.1)
policy_module(su, 1.9.2)
########################################
#