author | Sven Vermeulen <sven.vermeulen@siphos.be> | 2014-12-30 21:43:20 +0100 |
---|---|---|
committer | Sven Vermeulen <sven.vermeulen@siphos.be> | 2014-12-30 21:43:20 +0100 |
commit | 90bfde5dce608aa910e0e0e7db0af6c5dda0cb21 (patch) | |
tree | 3be6f73726ed65c424437bfdc0f7ebf6878642ad | |
parent | Fix bug 534030 - Update on courier policy with documentation in comments (diff) | |
Grant all PAM using applications read access to SELinux state
-rw-r--r-- | policy/modules/system/authlogin.if | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/policy/modules/system/authlogin.if b/policy/modules/system/authlogin.if index f05d7bf79..6aac59c39 100644 --- a/policy/modules/system/authlogin.if +++ b/policy/modules/system/authlogin.if @@ -80,6 +80,13 @@ interface(`auth_use_pam',` optional_policy(` nis_authenticate($1) ') + + ifdef(`distro_gentoo',` + # pam_unix.so only calls unix_chkpwd if geteuid <> 0 or if SELinux is enabled. + # So we need to grant it the proper privileges to check if SELinux is enabled + selinux_getattr_fs($1) + selinux_get_enforce_mode($1) + ') ') ######################################## |
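Review bot: The comment in the added distro_gentoo block of auth_use_pam only justifies checking whether SELinux is enabled, but the block grants two things to every caller: selinux_getattr_fs($1) and selinux_get_enforce_mode($1). Since $1 is every domain that uses PAM, the comment should say which of the two calls the pam_unix.so check actually needs, and drop the other if it is not required. The comment also does not explain why the grant is limited to distro_gentoo when the behaviour it describes belongs to pam_unix.so itself; a short note on that would help. Minor: "geteuid <> 0" would read more clearly as "geteuid() != 0".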