I have an app which runs from xinetd in the myapp_t
domain:
system_u:system_r:myapp_t I am attempting to get myapp to exec the chfn program however it reports: chfn: system_u:system_r:myapp_t:SystemLow-SystemHigh is
not authorized to change the finger info of test5 I have tried these macros from the reference policy: usermanage_run_chfn(myapp_t,system_r,devpts_t ) type myapp_devpts_t; type myapp_tty_device_t; userdom_change_password_template(myapp) usermanage_run_chfn(myapp_t,system_r,{ myapp_devpts_t
myapp_tty_device_t }) but things still don't work. SELinux is not reporting denials in audit.log, presumably
because chfn calls security_compute_av() and reports the
"denial" itself. Is there policy I can write that will allow myapp to exec
chfn? Thanks, Brian |
-- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list