On Wed, 2004-11-10 at 10:40, Tom London wrote:
Suggest the following:
--- SAVE/chkpwd_macros.te 2004-11-10 07:37:22.098409600 -0800 +++ ./chkpwd_macros.te 2004-11-10 07:38:32.387484758 -0800 @@ -67,6 +67,8 @@
# for nscd dontaudit $1_chkpwd_t var_t:dir search; +dontaudit $1_chkpwd_t var_run_t:dir search; +dontaudit $1_chkpwd_t nscd_var_run_t:dir search;
dontaudit $1_chkpwd_t fs_t:filesystem getattr; ')
Hmmm...shouldn't $1_chkpwd_t by a nscd_client_domain? It seems legitimate for it to perform passwd lookups via nscd.