On Thu, Feb 07, 2013 at 05:15:11PM +0100, Tomas Mraz wrote:
The attached patch uses different way to check for passwd
accessibility
by root in pam_rootok module. This method allows for proper auditing the
denial of access, so the user can find the user AVC message in the
audit.log.
OK to commit?
I need a bit more time to review this, but from a cursory glance the
selinux_check_root() return code check needs to be inverted.
--
ldv