[gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/system/

Sven Vermeulen Tue, 30 Dec 2014 12:44:20 -0800

commit:     90bfde5dce608aa910e0e0e7db0af6c5dda0cb21
Author:     Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Tue Dec 30 20:43:20 2014 +0000
Commit:     Sven Vermeulen <swift <AT> gentoo <DOT> org>
CommitDate: Tue Dec 30 20:43:20 2014 +0000
URL:        
http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=90bfde5d


Grant all PAM using applications read access to SELinux state

---
 policy/modules/system/authlogin.if | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/policy/modules/system/authlogin.if 
b/policy/modules/system/authlogin.if
index f05d7bf..6aac59c 100644
--- a/policy/modules/system/authlogin.if
+++ b/policy/modules/system/authlogin.if
@@ -80,6 +80,13 @@ interface(`auth_use_pam',`
        optional_policy(`
                nis_authenticate($1)
        ')
+
+       ifdef(`distro_gentoo',`
+               # pam_unix.so only calls unix_chkpwd if geteuid <> 0 or if 
SELinux is enabled.
+               # So we need to grant it the proper privileges to check if 
SELinux is enabled
+               selinux_getattr_fs($1)
+               selinux_get_enforce_mode($1)
+       ')
 ')
 
 ########################################

[gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/system/

Reply via email to