On Mon, 2009-08-17 at 08:29 -0400, Stephen Smalley wrote:
> On Sun, 2009-08-16 at 11:53 -0700, Larry Ross wrote:
> > Using the RHEL5.3 strict policy I am trying to allow a custom selinux
> > user permission to use the passwd and chage commands to get the status
> > of a local user.
> >
> > With selinux in permissive it works as expected, with selinux in
> > enforcing, all I get are cryptic error messages. I installed the
> > enableaudit.pp base policy module, still no denials.
> >
> > Does anyone know what permissions I need to add or what I could
> > be doing wrong? Is this even possible?
>
> Did you allow the :passwd permission to the custom selinux user's
> domain?
>
> allow <userdomain> self:passwd { passwd };
Perhaps a denial message should be emitted from
selinux_check_passwd_access() so people know when this perm check is
denied.
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
