SELinux-Refpolicy Archive on lore.kernel.org
 help / color / Atom feed
* logind shadow access
@ 2020-04-08  2:25 Russell Coker
  2020-04-08  6:47 ` Topi Miettinen
  0 siblings, 1 reply; 2+ messages in thread
From: Russell Coker @ 2020-04-08  2:25 UTC (permalink / raw)
  To: selinux-refpolicy

# audit2allow -l < /var/log/audit/audit.log |tail -1
allow systemd_logind_t shadow_t:file read;

Is there any good reason why systemd_logind might need to access /etc/shadow?

-- 
My Main Blog         http://etbe.coker.com.au/
My Documents Blog    http://doc.coker.com.au/




^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: logind shadow access
  2020-04-08  2:25 logind shadow access Russell Coker
@ 2020-04-08  6:47 ` Topi Miettinen
  0 siblings, 0 replies; 2+ messages in thread
From: Topi Miettinen @ 2020-04-08  6:47 UTC (permalink / raw)
  To: Russell Coker, selinux-refpolicy

On 8.4.2020 5.25, Russell Coker wrote:
> # audit2allow -l < /var/log/audit/audit.log |tail -1
> allow systemd_logind_t shadow_t:file read;
> 
> Is there any good reason why systemd_logind might need to access /etc/shadow?
> 

For account enable/disable state and so on: 
https://github.com/systemd/systemd/issues/15105.

-Topi


^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, back to index

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-04-08  2:25 logind shadow access Russell Coker
2020-04-08  6:47 ` Topi Miettinen

SELinux-Refpolicy Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/selinux-refpolicy/0 selinux-refpolicy/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 selinux-refpolicy selinux-refpolicy/ https://lore.kernel.org/selinux-refpolicy \
		selinux-refpolicy@vger.kernel.org
	public-inbox-index selinux-refpolicy

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.selinux-refpolicy


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git