add more file trans rules for files labeled shadow_file_t

diff --git a/policy/modules/system/authlogin.fc b/policy/modules/system/authlogin.fc
index c197c725599092c2eb739d00526a848f825735ac..7a39e3583facbffb531f45981e6e188abc5d947a 100644 (file)
--- a/policy/modules/system/authlogin.fc
+++ b/policy/modules/system/authlogin.fc
@@ -10,7 +10,7 @@ HOME_DIR/\.google_authenticator                       gen_context(system_u:object_r:auth_home_t,s0)
 /etc/passwd\.adjunct.* --      gen_context(system_u:object_r:shadow_t,s0)
 /etc/shadow.*          --      gen_context(system_u:object_r:shadow_t,s0)
 /etc/passwd-?          --      gen_context(system_u:object_r:passwd_file_t,s0)
-/etc/passwd\.OLD               --      gen_context(system_u:object_r:passwd_file_t,s0)
+/etc/passwd\.OLD       --      gen_context(system_u:object_r:passwd_file_t,s0)
 /etc/ptmptmp           --      gen_context(system_u:object_r:passwd_file_t,s0)
 /etc/group-?           --      gen_context(system_u:object_r:passwd_file_t,s0)
 

diff --git a/policy/modules/system/authlogin.if b/policy/modules/system/authlogin.if
index 457223d955f36e0433355bebbbcc8b2ca09223c4..bbf9ef457d60fdec934e2588d4e3357afa8f53f2 100644 (file)
--- a/policy/modules/system/authlogin.if
+++ b/policy/modules/system/authlogin.if
@@ -1839,6 +1839,10 @@ interface(`auth_filetrans_named_content',`
        files_etc_filetrans($1, passwd_file_t, file, "passwd-")
        files_etc_filetrans($1, passwd_file_t, file, "passwd.OLD")
        files_etc_filetrans($1, passwd_file_t, file, "ptmptmp")
+       files_etc_filetrans($1, shadow_t, file, ".pwd.lock")
+       files_etc_filetrans($1, shadow_t, file, "group.lock")
+       files_etc_filetrans($1, shadow_t, file, "passwd.lock")
+       files_etc_filetrans($1, shadow_t, file, "passwd.adjunct")
        files_etc_filetrans($1, shadow_t, file, "shadow")
        files_etc_filetrans($1, shadow_t, file, "shadow-")
        files_etc_filetrans($1, shadow_t, file, ".pwd.lock")