[refpolicy] su patch
Christopher J. PeBenito
cpebenito at tresys.com
Thu Jun 18 08:58:10 CDT 2009
On Fri, 2009-05-22 at 13:40 -0400, Brandon Whalen wrote:
> Allow the derived su domains to run the pam cracklib module in the
> case that
> the root password has expired and the user must reset it after an su.
Merged, with a little reorganization.
> Index: policy/modules/admin/su.if
> ===================================================================
> --- policy/modules/admin/su.if (revision 2987)
> +++ policy/modules/admin/su.if (working copy)
> @@ -78,6 +78,9 @@
> auth_dontaudit_read_shadow($1_su_t)
> auth_use_nsswitch($1_su_t)
> auth_rw_faillog($1_su_t)
> + optional_policy(`
> + usermanage_read_crack_db($1_su_t)
> + ')
>
> domain_use_interactive_fds($1_su_t)
>
> @@ -204,6 +207,9 @@
> auth_dontaudit_read_shadow($1_su_t)
> auth_use_nsswitch($1_su_t)
> auth_rw_faillog($1_su_t)
> + optional_policy(`
> + usermanage_read_crack_db($1_su_t)
> + ')
>
> corecmd_search_bin($1_su_t)
>
>
> _______________________________________________
> refpolicy mailing list
> refpolicy at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/refpolicy
>
>
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
More information about the refpolicy
mailing list