[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: newrole using SELinux user identity for password lookups

From: Stephen Smalley <sds epoch ncsc mil>
To: Colin Walters <walters redhat com>
Cc: Daniel J Walsh <dwalsh redhat com>, fedora-selinux-list redhat com
Subject: Re: newrole using SELinux user identity for password lookups
Date: Wed, 21 Apr 2004 15:56:52 -0400

On Wed, 2004-04-21 at 15:48, Colin Walters wrote:
> Ok.  Well do you (or anyone else, Dan?) have any suggestions for the
> short term?  For FC2 we could just tell users to always use 'su'.  The
> unfortunate thing here is that Fedora users who are reading upstream
> docs will get exactly the opposite information :/

In the short term, if you want to have it fall back to the Linux uid for
authentication purposes if the SELinux user identity is
SELINUX_DEFAULTUSER (defined in include/selinux/get_context_list.h),
then that is fine.  Just don't use the Linux uid as the user identity
for the new context.

-- 
Stephen Smalley <sds epoch ncsc mil>
National Security Agency

Follow-Ups:
- Re: newrole using SELinux user identity for password lookups
  - From: Colin Walters

References:
- newrole using SELinux user identity for password lookups
  - From: Colin Walters
- Re: newrole using SELinux user identity for password lookups
  - From: Stephen Smalley
- Re: newrole using SELinux user identity for password lookups
  - From: Colin Walters
- Re: newrole using SELinux user identity for password lookups
  - From: Stephen Smalley
- Re: newrole using SELinux user identity for password lookups
  - From: Colin Walters

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]