On 04/12/2010 12:24 PM, Alan Rouse wrote:
I'm getting the following when I log in via the gnome login gui (OpenSUSE 11.2) with dontaudit turned off:

type=AVC msg=audit(1271099674.777:3): avc: denied { read } for pid=2475 comm="gdm-session-wor" name="shadow" dev=sda2 ino=129609 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:shadow_t:s0 tclass=file
type=AVC msg=audit(1271099674.780:4): avc: denied { open } for pid=2475 comm="gdm-session-wor" name="shadow" dev=sda2 ino=129609 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:shadow_t:s0 tclass=file
type=AVC msg=audit(1271099674.792:5): avc: denied { getattr } for pid=2475 comm="gdm-session-wor" path="/etc/shadow" dev=sda2 ino=129609 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:shadow_t:s0 tclass=file

But I think the required access is prohibited via 'neverallow'. Suggestions welcome.

Thanks
I think shadow is always rejected by the policy, and chkpwd is allowed.

Justin P. Mattock