File pam-bsc1197795-do-not-include-obsolete-header-files.patch of Package pam-modules.23706
Index: pam-modules-12.1/pam_unix2-2.9.1/src/selinux_utils.c
===================================================================
--- pam-modules-12.1.orig/pam_unix2-2.9.1/src/selinux_utils.c
+++ pam-modules-12.1/pam_unix2-2.9.1/src/selinux_utils.c
@@ -27,7 +27,6 @@
#include <string.h>
#include <syslog.h>
#include <sys/types.h>
-#include <selinux/flask.h>
#include <selinux/selinux.h>
#include <selinux/context.h>
@@ -47,15 +46,25 @@ selinux_check_access (const char *chuser
{
context_t c = context_new (user_context);
const char *user = context_user_get (c);
+ security_class_t passwd_class;
if (strcmp (chuser, user) == 0)
status = 0;
+ else if ((passwd_class = string_to_security_class("passwd")) == 0)
+ {
+ context_free (c);
+ freecon (user_context);
+ if (security_deny_unknown() == 0)
+ status = 0;
+ }
else
{
struct av_decision avd;
- int retval = security_compute_av (user_context,
+ int retval;
+
+ retval = security_compute_av (user_context,
user_context,
- SECCLASS_PASSWD,
+ passwd_class,
access,
&avd);