From: "Sven Vermeulen"
To: gentoo-commits@lists.gentoo.org
Reply-To: gentoo-dev@lists.gentoo.org, "Sven Vermeulen"
Message-ID: <1335098391.cae882486fe3e6e942c63c1d3781634076020e1a.SwifT@gentoo>
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/admin/
X-VCS-Repository: proj/hardened-refpolicy
X-VCS-Files: policy/modules/admin/usermanage.te
X-VCS-Directories: policy/modules/admin/
X-VCS-Committer: SwifT
X-VCS-Committer-Name: Sven Vermeulen
X-VCS-Revision: cae882486fe3e6e942c63c1d3781634076020e1a
X-VCS-Branch: master
Date: Sun, 22 Apr 2012 12:41:11 +0000 (UTC)

commit:     cae882486fe3e6e942c63c1d3781634076020e1a
Author:     Sven Vermeulen siphos be>
AuthorDate: Sun Apr 22 12:39:51 2012 +0000
Commit:     Sven Vermeulen siphos be>
CommitDate: Sun Apr 22 12:39:51 2012 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=cae88248

Allow shadow utils to read selinux context information

Recent shadow utilities, like groupadd and passwd, are now linked with
libselinux and require additional privileges for accessing the context
information provided by SELinux.

This fixes bugs #413065 and #413061

---
 policy/modules/admin/usermanage.te |    4 +++-
 1 files changed, 3 insertions(+), 1 deletions(-)

diff --git a/policy/modules/admin/usermanage.te b/policy/modules/admin/us= ermanage.te index 7cac66f..07a99a6 100644 --- a/policy/modules/admin/usermanage.te +++ b/policy/modules/admin/usermanage.te 
@@ -241,6 +241,7 @@ auth_relabel_shadow(groupadd_t) auth_etc_filetrans_shadow(groupadd_t) =20 seutil_read_config(groupadd_t) +seutil_read_file_contexts(groupadd_t) =20 userdom_use_unpriv_users_fds(groupadd_t) # for when /root is the cwd @@ -336,7 +337,8 @@ logging_send_syslog_msg(passwd_t) =20 miscfiles_read_localization(passwd_t) =20 -seutil_dontaudit_search_config(passwd_t) +seutil_read_config(groupadd_t) +seutil_read_file_contexts(groupadd_t) =20 userdom_use_user_terminals(passwd_t) userdom_use_unpriv_users_fds(passwd_t)
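
Review bot: The added `seutil_read_file_contexts(groupadd_t)` in the first hunk (groupadd_t block, around line 244) carries no comment saying why groupadd needs to read the file contexts, while the next rule in the same block has one (`# for when /root is the cwd`). A short comment noting that groupadd is now linked with libselinux would keep the reason in the policy source, where someone auditing groupadd_t's privileges will look for it, and would make it clear when the grant can be dropped.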
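
Review bot: In the second hunk (passwd_t block, around line 340) both added calls take groupadd_t as their argument instead of passwd_t: `seutil_read_config(groupadd_t)` and `seutil_read_file_contexts(groupadd_t)`. They repeat what the groupadd_t block already has after the first hunk, so passwd_t gains no access here, and because `seutil_dontaudit_search_config(passwd_t)` is removed in the same hunk, any denied search of the SELinux config by passwd is no longer silenced either. The commit message names passwd as one of the utilities that needs this access, so both lines should pass passwd_t.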