From dd95c98946ce3cea119c4d2884ccafd608cd8d13 Mon Sep 17 00:00:00 2001 From: Dave Sugar Date: Fri, 12 Jan 2024 10:19:09 -0500 Subject: [PATCH] Fix password changing from cockpit login screen node=localhost type=AVC msg=audit(1705071167.616:1344): avc: denied { write } for pid=6560 comm="cockpit-session" name="etc" dev="dm-1" ino=393220 scontext=system_u:system_r:cockpit_session_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir permissive=0 node=localhost type=AVC msg=audit(1705071268.820:1383): avc: denied { write } for pid=6588 comm="cockpit-session" name="etc" dev="dm-1" ino=393220 scontext=system_u:system_r:cockpit_session_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir permissive=1 node=localhost type=AVC msg=audit(1705071268.820:1383): avc: denied { add_name } for pid=6588 comm="cockpit-session" name="nshadow" scontext=system_u:system_r:cockpit_session_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir permissive=1 node=localhost type=AVC msg=audit(1705071268.826:1384): avc: denied { remove_name } for pid=6588 comm="cockpit-session" name="nshadow" dev="dm-1" ino=393552 scontext=system_u:system_r:cockpit_session_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir permissive=1 Signed-off-by: Dave Sugar --- policy/modules/system/authlogin.if | 1 + 1 file changed, 1 insertion(+) diff --git a/policy/modules/system/authlogin.if b/policy/modules/system/authlogin.if index 3ad434d196..6b9d957d3a 100644 --- a/policy/modules/system/authlogin.if +++ b/policy/modules/system/authlogin.if @@ -712,6 +712,7 @@ interface(`auth_manage_shadow',` type shadow_t; ') + files_rw_etc_dirs($1) auth_manage_shadow_history($1) auth_rw_shadow_lock($1) allow $1 shadow_t:file manage_file_perms;