| 1 |
I tried running passwd and got "passwd: Critical error - immediate = abort". |
| 2 |
When I looked in /var/log/messages I found an avc denied message that |
| 3 |
mentioned cracklib_dict.pwd. Doing a search I found |
| 4 |
/usr/lib/cracklib_dict.pwd. This file was labeled = system_u:object_r:lib_t. |
| 5 |
When I looked in the policy files crack.fc and passwd.te I found that = the |
| 6 |
passwd_t domain is allowed read access to file typed crack_db_t and that = |
| 7 |
the files in /var/cache/cracklib(/.*)? are to be labled with this type. I = |
| 8 |
added this line to crack.fc: |
| 9 |
|
| 10 |
/usr/lib/cracklib_dict.* system_u:object_r:crack_db_t |
| 11 |
|
| 12 |
This fixed my problems with passwd. |
| 13 |
|
| 14 |
Is this the right solution? |
| 15 |
Does Gentoo ever place cracklib files in /var/cache? |
| 16 |
|
| 17 |
-Tad |
| 18 |
|
| 19 |
|
| 20 |
-- |
| 21 |
gentoo-hardened@g.o mailing list |
Archives