Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
libselinux: selinux_check_passwd_access_internal(): respect deny_unknown
`selinux_check_passwd_access_internal()`, and thereby `checkPasswdAccess(3)` and `selinux_check_passwd_access(3)`, does not respect the policy defined setting of `deny_unknown`, like `selinux_check_access(3)` does. This means in case the security class `passwd` is not defined, success is returned instead of failure, i.e. permission denied. Most policies should define the `passwd` class and the two affected public functions are marked deprecated. Align the behavior with `selinux_check_access(3)` and respect the deny_unknown setting in case the security class is not defined. Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
- Loading branch information