[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: getpwnam and SELinux

From: Stephen Smalley <sds tycho nsa gov>
To: Brian Ginn <BGinn symark com>
Cc: "'fedora-selinux-list redhat com'" <fedora-selinux-list redhat com>
Subject: Re: getpwnam and SELinux
Date: Thu, 02 Jul 2009 07:52:49 -0400

On Wed, 2009-07-01 at 16:15 -0700, Brian Ginn wrote:
> I have an app that I'm trying to confine.
> 
>  
> 
> In enforcing mode, getpwnam() returns "X" for the pw_passwd field.
> 
>  
> 
> Is there SELinux policy to allow this app to get the shadow passwd?
> 
> I've tried the following without success:
> 
> auth_can_read_shadow_passwords(  )
> 
> auth_read_shadow(  )
> 
> auth_tunable_read_shadow(  )
> 
> auth_use_nsswitch(  )

Can you show us the actual denial?  Run semodule -DB first if you don't
get any denials, and then run semodule -B afterward.  Also, post
your .te file.

-- 
Stephen Smalley
National Security Agency

Follow-Ups:
- RE: getpwnam and SELinux
  - From: Brian Ginn

References:
- getpwnam and SELinux
  - From: Brian Ginn

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]