[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: [redhat-lspp] Getting rid of multilevel objects

From: Klaus Weidner <klaus atsec com>
To: Stephen Smalley <sds tycho nsa gov>
Cc: lspp-list <redhat-lspp redhat com>
Subject: Re: [redhat-lspp] Getting rid of multilevel objects
Date: Fri, 7 Jul 2006 16:25:25 -0500

On Fri, Jul 07, 2006 at 04:47:46PM -0400, Stephen Smalley wrote:
> On Fri, 2006-07-07 at 15:55 -0500, Klaus Weidner wrote:
> > Would it work to have newrole relabel the pty (maybe in a PAM session
> > module?), so that the controlling low process won't be able to read from
> > it?
> 
> newrole already relabels the tty.

I checked, it does relabel /dev/pts/3, but the SystemLow controlling
process is still permitted to read/write the master end of the pty.

-Klaus

References:
- Re: [redhat-lspp] Getting rid of multilevel objects
  - From: Klaus Weidner
- Re: [redhat-lspp] Getting rid of multilevel objects
  - From: Casey Schaufler
- Re: [redhat-lspp] Getting rid of multilevel objects
  - From: Klaus Weidner
- Re: [redhat-lspp] Getting rid of multilevel objects
  - From: Stephen Smalley

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]