On Oct 17, 2011, at 5:03 PM, Stephen Smalley wrote:
On Mon, 2011-10-17 at 16:55 -0400, David A. Cafaro wrote:
You want:
allow mytool_t self:passwd passwd;
AHHH!! Thanks, not sure I would have found that. Google and grep of the source tree were
failing me.
passwd applies SELinux permission checks of its own.
I had actually started looking at passwd and how they did an avc compute to check for
correct context/perms, I was just having a miserable time trying to figure out
"what" it was looking for. Thanks.
Lack of AVC messages on such denials has been noted previously, but not
fixed:
https://bugzilla.redhat.com/show_bug.cgi?id=518268
--
Stephen Smalley
National Security Agency