[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: [redhat-lspp] Expected Behaviour of open_init_pty

From: Daniel J Walsh <dwalsh redhat com>
To: Stephen Smalley <sds tycho nsa gov>
Cc: redhat-lspp redhat com, Glauber de Oliveira Costa <glommer br ibm com>
Subject: Re: [redhat-lspp] Expected Behaviour of open_init_pty
Date: Tue, 06 Jun 2006 16:40:23 -0400

Stephen Smalley wrote:

On Wed, 2006-05-31 at 15:06 -0300, Glauber de Oliveira Costa wrote:
Hi folks,
In terms type/level , who should be able to successfully run the open_init_ptycommand ? From system usage, it seems that secadm_r e sysadm_r are forbiddenopen_init_pty execution, but I need something stronger than a guess.
It would be nice if someone can give me some guidance on this.
I think run_init / open_init_pty serve no purpose in Fedora or RHEL, as
the Red Hat policies permit direct transitions to initrc_t without using
run_init.  In some other distributions that integrate SELinux, use of
run_init is necessary.  I would expect sysadm to be able to use run_init
(and thus open_init_pty).

run_init is required in MLS to restart the daemons. Direct transitionsare turned off.

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]