On Sun, 2009-08-16 at 11:53 -0700, Larry Ross wrote:
> Using the RHEL5.3 strict policy I am trying to allow a custom selinux
> user permission to use the passwd and chage commands to get the status
> of a local user.
>
> With selinux in permissive it works as expected, with selinux in
> enforcing, all I get are cryptic error messages. I installed the
> enableaudit.pp base policy module, still no denials.
>
> Does anyone know what permissions I need to add or what I could
> be doing wrong? Is this even possible?
Did you allow the :passwd permission to the custom selinux user's
domain?
allow <userdomain> self:passwd { passwd };
--
Stephen Smalley
National Security Agency
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
