]> granicus.if.org Git - linux-pam/commitdiff
pam_rootok: use rootok permission instead of passwd permission in SELinux check.
authorTomas Mraz <tmraz@fedoraproject.org>
Wed, 12 Aug 2015 15:04:00 +0000 (17:04 +0200)
committerTomas Mraz <tmraz@fedoraproject.org>
Wed, 12 Aug 2015 15:04:00 +0000 (17:04 +0200)
* modules/pam_rootok/pam_rootok.c (selinux_check_root): Use rootok instead of
passwd permission.

modules/pam_rootok/pam_rootok.c

index 70579e5bce4197b6600a07c8ba149e93bf9fda30..88bed0c9b47a9d1cad26e7f21020927e7cebab42 100644 (file)
@@ -106,7 +106,7 @@ selinux_check_root (void)
        return status;
     }
 
-    status = selinux_check_access(user_context, user_context, "passwd", "passwd", NULL);
+    status = selinux_check_access(user_context, user_context, "passwd", "rootok", NULL);
 
     selinux_set_callback(SELINUX_CB_LOG, old_callback);
     freecon(user_context);