From edba62fdaa8115c0c194ad6d86981e8c9692b8e7 Mon Sep 17 00:00:00 2001
From: guoxiaoqi <guoxiaoqi2@huawei.com>
Date: Thu, 4 Jun 2020 21:11:52 +0800
Subject: [PATCH] add allow shadow tool to access sssd var lib file/dir

Signed-off-by: guoxiaoqi <guoxiaoqi2@huawei.com>
---
 policy/modules/admin/usermanage.te | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/policy/modules/admin/usermanage.te b/policy/modules/admin/usermanage.te
index 1977309..b8d51ba 100644
--- a/policy/modules/admin/usermanage.te
+++ b/policy/modules/admin/usermanage.te
@@ -666,8 +666,13 @@ optional_policy(`
 # avc for openEuler
 #sssd_var_lib_dir(groupadd_t)
 optional_policy(`
+   sssd_var_lib_dir(groupadd_t)
 	sssd_var_lib_map_file(groupadd_t)
    sssd_var_lib_write_file(groupadd_t)
+   sssd_var_lib_map_file(passwd_t)
+   sssd_var_lib_write_file(passwd_t)
    sssd_var_lib_map_file(useradd_t)
    sssd_var_lib_write_file(useradd_t)
+   sssd_var_lib_create_file(useradd_t)
+   sssd_var_lib_dir(useradd_t)
 ')
-- 
1.8.3.1