On Wed, 2009-07-01 at 16:15 -0700, Brian Ginn wrote: > I have an app that I'm trying to confine. > > > > In enforcing mode, getpwnam() returns "X" for the pw_passwd field. > > > > Is there SELinux policy to allow this app to get the shadow passwd? > > I've tried the following without success: > > auth_can_read_shadow_passwords( ) > > auth_read_shadow( ) > > auth_tunable_read_shadow( ) > > auth_use_nsswitch( ) Can you show us the actual denial? Run semodule -DB first if you don't get any denials, and then run semodule -B afterward. Also, post your .te file. -- Stephen Smalley National Security Agency -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list