From f655b4b3a73cea7fb5d9e905617712281dc3c803 Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Wed, 12 Aug 2015 17:04:00 +0200 Subject: pam_rootok: use rootok permission instead of passwd permission in SELinux check. * modules/pam_rootok/pam_rootok.c (selinux_check_root): Use rootok instead of passwd permission. --- modules/pam_rootok/pam_rootok.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules/pam_rootok') diff --git a/modules/pam_rootok/pam_rootok.c b/modules/pam_rootok/pam_rootok.c index 70579e5b..88bed0c9 100644 --- a/modules/pam_rootok/pam_rootok.c +++ b/modules/pam_rootok/pam_rootok.c @@ -106,7 +106,7 @@ selinux_check_root (void) return status; } - status = selinux_check_access(user_context, user_context, "passwd", "passwd", NULL); + status = selinux_check_access(user_context, user_context, "passwd", "rootok", NULL); selinux_set_callback(SELINUX_CB_LOG, old_callback); freecon(user_context); -- cgit v1.2.3