commit: dd35a2da47d070915720f579a180a10df2a8baad
Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Sun Nov 2 14:53:23 2014 +0000
Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org>
CommitDate: Sun Nov 2 14:53:23 2014 +0000
URL:
http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=dd35a2da
Support pam_rootok.so update in pam.d/run_init for integrated run_init support
in openrc
---
policy/modules/system/selinuxutil.te | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/policy/modules/system/selinuxutil.te
b/policy/modules/system/selinuxutil.te
index 4d6f5d9..0ad0479 100644
--- a/policy/modules/system/selinuxutil.te
+++ b/policy/modules/system/selinuxutil.te
@@ -648,7 +648,8 @@ ifdef(`distro_gentoo',`
class passwd { passwd chfn chsh rootok };
')
- allow run_init_t self:passwd rootok;
+ # Needed to support pam_rootok.so even with integrated run_init support
in openrc
+ allow run_init_t self:passwd { passwd rootok };
# Fix bug #512676
allow run_init_t self:process signal;
