policy to allow myapp to exec chfn
Brian Ginn
BGinn at symark.com
Fri May 29 01:03:32 UTC 2009
I have an app which runs from xinetd in the myapp_t domain:
system_u:system_r:myapp_t
I am attempting to get myapp to exec the chfn program
however it reports:
chfn: system_u:system_r:myapp_t:SystemLow-SystemHigh is not authorized to change the finger info of test5
I have tried these macros from the reference policy:
usermanage_run_chfn(myapp_t,system_r,devpts_t )
type myapp_devpts_t;
type myapp_tty_device_t;
userdom_change_password_template(myapp)
usermanage_run_chfn(myapp_t,system_r,{ myapp_devpts_t myapp_tty_device_t })
but things still don't work.
SELinux is not reporting denials in audit.log, presumably because
chfn calls security_compute_av() and reports the "denial" itself.
Is there policy I can write that will allow myapp to exec chfn?
Thanks,
Brian
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20090528/796e304d/attachment.htm>
More information about the fedora-selinux-list
mailing list