diff options
| author |   Sven Vermeulen <sven.vermeulen@siphos.be> | 2014-12-30 21:43:20 +0100 |
|---|---|---|
| committer | Sven Vermeulen <sven.vermeulen@siphos.be> | 2014-12-30 21:43:20 +0100 |
| commit | 90bfde5dce608aa910e0e0e7db0af6c5dda0cb21 (patch) | |
| tree | 3be6f73726ed65c424437bfdc0f7ebf6878642ad | |
| parent | Fix bug 534030 - Update on courier policy with documentation in comments (diff) | |
| download | hardened-refpolicy-90bfde5dce608aa910e0e0e7db0af6c5dda0cb21.tar.gz hardened-refpolicy-90bfde5dce608aa910e0e0e7db0af6c5dda0cb21.tar.bz2 hardened-refpolicy-90bfde5dce608aa910e0e0e7db0af6c5dda0cb21.zip | |
Grant all PAM using applications read access to SELinux state
| -rw-r--r-- | policy/modules/system/authlogin.if | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/policy/modules/system/authlogin.if b/policy/modules/system/authlogin.if index f05d7bf79..6aac59c39 100644 --- a/policy/modules/system/authlogin.if +++ b/policy/modules/system/authlogin.if @@ -80,6 +80,13 @@ interface(`auth_use_pam',` optional_policy(` nis_authenticate($1) ') + + ifdef(`distro_gentoo',` + # pam_unix.so only calls unix_chkpwd if geteuid <> 0 or if SELinux is enabled. + # So we need to grant it the proper privileges to check if SELinux is enabled + selinux_getattr_fs($1) + selinux_get_enforce_mode($1) + ') ') ######################################## |