On Oct 17, 2011, at 5:03 PM, Stephen Smalley wrote: > On Mon, 2011-10-17 at 16:55 -0400, David A. Cafaro wrote: > > You want: > allow mytool_t self:passwd passwd; AHHH!! Thanks, not sure I would have found that. Google and grep of the source tree were failing me. > > passwd applies SELinux permission checks of its own. I had actually started looking at passwd and how they did an avc compute to check for correct context/perms, I was just having a miserable time trying to figure out "what" it was looking for. Thanks. > > Lack of AVC messages on such denials has been noted previously, but not > fixed: > https://bugzilla.redhat.com/show_bug.cgi?id=518268 > > -- > Stephen Smalley > National Security Agency > -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
