On RHEL 5.1 systems su uses unix_update to help authenticate users.
--- /home/bwhalen/workspace/refpolicy-trunk/policy/modules/admin/su.if (revision 2579)
+++ /home/bwhalen/workspace/refpolicy-trunk/policy/modules/admin/su.if (working copy)
@@ -78,6 +78,10 @@
 auth_dontaudit_read_shadow($1_su_t)
 auth_use_nsswitch($1_su_t)
 auth_rw_faillog($1_su_t)
+ #RHEL 5 uses unix_update for su
+ ifdef(`distro_redhat',`
+ auth_domtrans_upd_passwd($1_su_t)
+ ')
 domain_use_interactive_fds($1_su_t)
@@ -207,6 +211,10 @@
 auth_dontaudit_read_shadow($1_su_t)
 auth_use_nsswitch($1_su_t)
 auth_rw_faillog($1_su_t)
+ #RHEL 5 uses unix_update for su
+ ifdef(`distro_redhat',`
+ auth_domtrans_upd_passwd($1_su_t)
+ ')
 corecmd_search_bin($1_su_t)
Brandon Brandon Whalen Tresys Technology v: 443-539-0747 Suite 2100 f: 410-953-0494 8840 Stanford Blvd bwhalen@xxxxxxxxxx Columbia, MD 21045 -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
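Review bot: The `distro_redhat` guard is wider than the comment `#RHEL 5 uses unix_update for su` says, so every Red Hat-family build gives `$1_su_t` a transition via `auth_domtrans_upd_passwd`, not only the RHEL 5.1 systems named in the description; the same four lines are added in the second hunk (`@@ -207,6 +211,10 @@`) and the point applies there as well. The new call sits just below `auth_dontaudit_read_shadow($1_su_t)`, which keeps su itself away from shadow, so this transition becomes su's route to a helper that presumably does handle password data, and that widening deserves a stated reason next to the rule. I would put the scope and reason in the comment, e.g. `# distro_redhat (seen on RHEL 5.1): su runs unix_update during authentication; transition rather than give $1_su_t shadow access`, and reference the AVC denial that prompted the change. Both enclosing templates start and end outside the hunks, so whether the condition can be narrowed depends on context not visible here.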