When auditing selinux log (I am trying to make zoneminder selinux policy) I was surprised to see that zoneminder try to read /etc/shadow.
I don't find where is it in source code.
selinux seems to say it is in zmpkg.pl, but I can't see any reference to "shadow" in this file. I think but not sure, that's zmu binary which try to read this file.
Code: Select all
type=AVC msg=audit(1325527681.326:46234): avc: denied { read } for pid=29069 comm="zmpkg.pl" name="shadow" dev=dm-0 ino=139442 scontext=unconfined_u:system_r:zoneminder_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file
type=AVC msg=audit(1325527681.326:46234): avc: denied { open } for pid=29069 comm="zmpkg.pl" name="shadow" dev=dm-0 ino=139442 scontext=unconfined_u:system_r:zoneminder_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file
type=AVC msg=audit(1325527681.326:46235): avc: denied { getattr } for pid=29069 comm="zmpkg.pl" path="/etc/shadow" dev=dm-0 ino=139442 scontext=unconfined_u:system_r:zoneminder_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=fileThanks in advance for any help !