commit: 9407b918eeaec5ddb7127f0a0852b78a984efaf7
Author: Tianjia Zhang <tianjia.zhang <AT> linux <DOT> alibaba <DOT> com>
AuthorDate: Mon Dec 30 07:58:17 2024 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sat Mar 8 23:01:08 2025 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=9407b918
authlogin: allow unix_chkpwd to run
denied { dac_read_search } for pid=27506 comm="unix_chkpwd" capability=2
scontext=system_u:system_r:chkpwd_t:s0-s15:c0.c1023
tcontext=system_u:system_r:chkpwd_t:s0-s15:c0.c1023 tclass=capability
permissive=1
Signed-off-by: Tianjia Zhang <tianjia.zhang <AT> linux.alibaba.com>
Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org>
policy/modules/system/authlogin.te | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/policy/modules/system/authlogin.te
b/policy/modules/system/authlogin.te
index b3574e1db..eddd4ced4 100644
--- a/policy/modules/system/authlogin.te
+++ b/policy/modules/system/authlogin.te
@@ -109,7 +109,7 @@ optional_policy(`
# Check password local policy
#
-allow chkpwd_t self:capability { dac_override setuid };
+allow chkpwd_t self:capability { dac_override dac_read_search setuid };
dontaudit chkpwd_t self:capability sys_tty_config;
allow chkpwd_t self:process { getattr signal };
dontaudit chkpwd_t self:process getcap;
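Review bot: The widened `allow chkpwd_t self:capability` rule has no comment explaining why `dac_read_search` is needed alongside `dac_override`, which already covers read and search bypass. The quoted AVC was captured with permissive=1 and names only the capability, so this page does not record which object was being accessed. Newer kernels probe CAP_DAC_READ_SEARCH before CAP_DAC_OVERRIDE for read/search access, which is presumably why the denial appears despite the existing grant. I would add a line above the rule such as `# dac_read_search is checked before dac_override for read/search access`, and follow up on whether `dac_override` can then be dropped from chkpwd_t so the helper keeps only the narrower capability. The policy section starts and ends outside the hunk.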