From 03dd57fe7b25285f77e9fbfb1c96fefe79127571 Mon Sep 17 00:00:00 2001
From: Dominick Grift <domg472@gmail.com>
Date: Mar 01 2010 18:30:28 +0000
Subject: Fix auth_domtrans_chk_passwd to use read_file_perms to surpress open AVC denials.


Signed-off-by: Dominick Grift <domg472@gmail.com>
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>

---

diff --git a/policy/modules/system/authlogin.if b/policy/modules/system/authlogin.if
index 8a89f59..7f21603 100644
--- a/policy/modules/system/authlogin.if
+++ b/policy/modules/system/authlogin.if
@@ -300,7 +300,7 @@ interface(`auth_domtrans_chk_passwd',`
 	corecmd_search_bin($1)
 	domtrans_pattern($1, chkpwd_exec_t, chkpwd_t)
 
-	dontaudit $1 shadow_t:file { getattr read };
+	dontaudit $1 shadow_t:file read_file_perms;
 
 	dev_read_rand($1)
 	dev_read_urand($1)