From 3540593e19c0b290407daf83a59fbf33c05cf454 Mon Sep 17 00:00:00 2001
From: Dan Walsh
Date: Tue, 6 Dec 2011 11:16:23 -0500
Subject: [PATCH] add more file trans rules for files labeled shadow_file_t
---
 policy/modules/system/authlogin.fc | 2 +-
 policy/modules/system/authlogin.if | 4 ++++
 2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/policy/modules/system/authlogin.fc b/policy/modules/system/authlogin.fc
index c197c725..7a39e358 100644
--- a/policy/modules/system/authlogin.fc
+++ b/policy/modules/system/authlogin.fc
@@ -10,7 +10,7 @@ HOME_DIR/\.google_authenticator gen_context(system_u:object_r:auth_home_t,s0)
 /etc/passwd\.adjunct.* -- gen_context(system_u:object_r:shadow_t,s0)
 /etc/shadow.* -- gen_context(system_u:object_r:shadow_t,s0)
 /etc/passwd-? -- gen_context(system_u:object_r:passwd_file_t,s0)
-/etc/passwd\.OLD -- gen_context(system_u:object_r:passwd_file_t,s0)
+/etc/passwd\.OLD -- gen_context(system_u:object_r:passwd_file_t,s0)
 /etc/ptmptmp -- gen_context(system_u:object_r:passwd_file_t,s0)
 /etc/group-? -- gen_context(system_u:object_r:passwd_file_t,s0)
diff --git a/policy/modules/system/authlogin.if b/policy/modules/system/authlogin.if
index 457223d9..bbf9ef45 100644
--- a/policy/modules/system/authlogin.if
+++ b/policy/modules/system/authlogin.if
@@ -1839,6 +1839,10 @@ interface(`auth_filetrans_named_content',`
 files_etc_filetrans($1, passwd_file_t, file, "passwd-")
 files_etc_filetrans($1, passwd_file_t, file, "passwd.OLD")
 files_etc_filetrans($1, passwd_file_t, file, "ptmptmp")
+ files_etc_filetrans($1, shadow_t, file, ".pwd.lock")
+ files_etc_filetrans($1, shadow_t, file, "group.lock")
+ files_etc_filetrans($1, shadow_t, file, "passwd.lock")
+ files_etc_filetrans($1, shadow_t, file, "passwd.adjunct")
 files_etc_filetrans($1, shadow_t, file, "shadow")
 files_etc_filetrans($1, shadow_t, file, "shadow-")
 files_etc_filetrans($1, shadow_t, file, ".pwd.lock")
--
2.47.3
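Review bot: In the authlogin.if hunk, the added `files_etc_filetrans($1, shadow_t, file, ".pwd.lock")` repeats the rule already present as the last context line of the same hunk, so `auth_filetrans_named_content` would declare that named transition twice; drop the added copy and keep the `group.lock`, `passwd.lock` and `passwd.adjunct` additions. Named transitions match only the exact file name, whereas authlogin.fc labels `/etc/passwd\.adjunct.*` and `/etc/shadow.*` by pattern, so differently named variants created in /etc would presumably still get the directory's default type instead of shadow_t until relabelled. A short comment above the shadow_t group, e.g. `# exact-name transitions only; other variants matched by authlogin.fc need a relabel`, would record that gap. The file-context entries for `group.lock` and `passwd.lock` are not visible in the authlogin.fc hunk, so it is worth confirming they are labelled shadow_t there too, otherwise a later relabel would undo the transition. The interface body starts and ends outside the hunk.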