Re: getpwnam and SELinux

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 2009-07-01 at 16:15 -0700, Brian Ginn wrote:
> I have an app that I'm trying to confine.
> 
>  
> 
> In enforcing mode, getpwnam() returns "X" for the pw_passwd field.
> 
>  
> 
> Is there SELinux policy to allow this app to get the shadow passwd?
> 
> I've tried the following without success:
> 
> auth_can_read_shadow_passwords(  )
> 
> auth_read_shadow(  )
> 
> auth_tunable_read_shadow(  )
> 
> auth_use_nsswitch(  )

Can you show us the actual denial?  Run semodule -DB first if you don't
get any denials, and then run semodule -B afterward.  Also, post
your .te file.

-- 
Stephen Smalley
National Security Agency

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux