* logind shadow access
@ 2020-04-08 2:25 Russell Coker
2020-04-08 6:47 ` Topi Miettinen
0 siblings, 1 reply; 2+ messages in thread
From: Russell Coker @ 2020-04-08 2:25 UTC (permalink / raw)
To: selinux-refpolicy
# audit2allow -l < /var/log/audit/audit.log |tail -1
allow systemd_logind_t shadow_t:file read;
Is there any good reason why systemd_logind might need to access /etc/shadow?
--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: logind shadow access
2020-04-08 2:25 logind shadow access Russell Coker
@ 2020-04-08 6:47 ` Topi Miettinen
0 siblings, 0 replies; 2+ messages in thread
From: Topi Miettinen @ 2020-04-08 6:47 UTC (permalink / raw)
To: Russell Coker, selinux-refpolicy
On 8.4.2020 5.25, Russell Coker wrote:
> # audit2allow -l < /var/log/audit/audit.log |tail -1
> allow systemd_logind_t shadow_t:file read;
>
> Is there any good reason why systemd_logind might need to access /etc/shadow?
>
For account enable/disable state and so on:
https://github.com/systemd/systemd/issues/15105.
-Topi
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, back to index
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-04-08 2:25 logind shadow access Russell Coker
2020-04-08 6:47 ` Topi Miettinen
SELinux-Refpolicy Archive on lore.kernel.org
Archives are clonable:
git clone --mirror https://lore.kernel.org/selinux-refpolicy/0 selinux-refpolicy/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 selinux-refpolicy selinux-refpolicy/ https://lore.kernel.org/selinux-refpolicy \
selinux-refpolicy@vger.kernel.org
public-inbox-index selinux-refpolicy
Example config snippet for mirrors
Newsgroup available over NNTP:
nntp://nntp.lore.kernel.org/org.kernel.vger.selinux-refpolicy
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git