shadow

 Hello, Thanks you for the help,Stephen exactly what you had said, The avc denial should be supressed by dontaudit rules, unless you've rebuilt with those stripped from the policy. Hopefully I understand this correctly; make enableaudit was giving me allow system_chkpwd_t security_t:file read; and allow sysadm_sudo_t shadow_t:file { read getattr }; After recompiling my policy;(without make enableaudit) make clean make policy; the allow rules worked for shadow, without commenting out anything. regards;

               --Justin P. Mattock -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.

• This message: [ Message body ]
• Next message: Stephen Smalley: "Re: [patch] Tuning avtab to reduce memory usage"
• Previous message: Stephen Smalley: "Re: [patch] Tuning avtab to reduce memory usage"

• Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]