> Reference: > http://lists.fedoraproject.org/pipermail/selinux/2010-December/013294.html > > This may be more appropriate if other login programs need this as well. > > Signed-off-by: Dominick Grift <domg472@xxxxxxxxx> > --- > :100644 100644 6521109... ceadd00... M policy/modules/system/authlogin.if > policy/modules/system/authlogin.if | 6 ++++++ > 1 files changed, 6 insertions(+), 0 deletions(-) > > diff --git a/policy/modules/system/authlogin.if b/policy/modules/system/authlogin.if > index 6521109..ceadd00 100644 > --- a/policy/modules/system/authlogin.if > +++ b/policy/modules/system/authlogin.if > @@ -189,6 +189,12 @@ interface(`auth_login_pgm_domain',` > ') > > optional_policy(` > + openct_stream_connect($1) > + openct_signull($1) > + openct_read_pid_files($1) > + ') > + > + optional_policy(` > corecmd_exec_bin($1) > storage_getattr_fixed_disk_dev($1) > mount_domtrans($1) > Tested this as a patch to my current -73 policy with the modifications suggested by Miroslav Grepl and it works a treat! No problems at all and I can now login via the terminal with my smartcard and disable the password login. Over the weekend will try to see if I can get rid of the pcsc dependencies as well and use OpenCT only for gdm login on my other machines. -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
