From: Dan Walsh <dwalsh@redhat.com>
Date: Tue, 6 Dec 2011 16:16:23 +0000 (-0500)
Subject: add more file trans rules for files labeled shadow_file_t
X-Git-Tag: 000~38
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=3540593e19c0b290407daf83a59fbf33c05cf454;p=people%2Fstevee%2Fselinux-policy.git

add more file trans rules for files labeled shadow_file_t
---

diff --git a/policy/modules/system/authlogin.fc b/policy/modules/system/authlogin.fc
index c197c725..7a39e358 100644
--- a/policy/modules/system/authlogin.fc
+++ b/policy/modules/system/authlogin.fc
@@ -10,7 +10,7 @@ HOME_DIR/\.google_authenticator			gen_context(system_u:object_r:auth_home_t,s0)
 /etc/passwd\.adjunct.*	--	gen_context(system_u:object_r:shadow_t,s0)
 /etc/shadow.*		--	gen_context(system_u:object_r:shadow_t,s0)
 /etc/passwd-?		--	gen_context(system_u:object_r:passwd_file_t,s0)
-/etc/passwd\.OLD		--	gen_context(system_u:object_r:passwd_file_t,s0)
+/etc/passwd\.OLD	--	gen_context(system_u:object_r:passwd_file_t,s0)
 /etc/ptmptmp		--	gen_context(system_u:object_r:passwd_file_t,s0)
 /etc/group-?		--	gen_context(system_u:object_r:passwd_file_t,s0)
 
diff --git a/policy/modules/system/authlogin.if b/policy/modules/system/authlogin.if
index 457223d9..bbf9ef45 100644
--- a/policy/modules/system/authlogin.if
+++ b/policy/modules/system/authlogin.if
@@ -1839,6 +1839,10 @@ interface(`auth_filetrans_named_content',`
 	files_etc_filetrans($1, passwd_file_t, file, "passwd-")
 	files_etc_filetrans($1, passwd_file_t, file, "passwd.OLD")
 	files_etc_filetrans($1, passwd_file_t, file, "ptmptmp")
+	files_etc_filetrans($1, shadow_t, file, ".pwd.lock")
+	files_etc_filetrans($1, shadow_t, file, "group.lock")
+	files_etc_filetrans($1, shadow_t, file, "passwd.lock")
+	files_etc_filetrans($1, shadow_t, file, "passwd.adjunct")
 	files_etc_filetrans($1, shadow_t, file, "shadow")
 	files_etc_filetrans($1, shadow_t, file, "shadow-")
 	files_etc_filetrans($1, shadow_t, file, ".pwd.lock")