[DSE-Dev] refpolicy: patch for Debian cracklib-runtime daily cron job
Václav Ovsík
vaclav.ovsik at i.cz
Tue Feb 19 10:03:12 UTC 2008
Hi,
the package cracklib-runtime on Debian contains a daily maintenance script
/etc/cron.daily/cracklib-runtime, that calls
update-cracklib and that calls
crack_mkdict, witch is a shell script. :)
Run of the job daily cron job emits:
audit(1203412448.496:30): avc: denied { execute } for pid=1961 comm="crack_mkdict" name="bash" dev=sda1 ino=81922 scontext=system_u:system_r:crack_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file
audit(1203412448.496:31): avc: denied { read } for pid=1961 comm="crack_mkdict" name="bash" dev=sda1 ino=81922 scontext=system_u:system_r:crack_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file
A patch is attached that suppresses these two denials.
Thanks.
Regards
--
Zito
-------------- next part --------------
A non-text attachment was scrubbed...
Name: usermanage.deb.patch
Type: text/x-diff
Size: 386 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/selinux-devel/attachments/20080219/72e4f785/attachment.patch
More information about the SELinux-devel
mailing list