Re: FC2 and FC1 and common home

On Wed, 2004-04-07 at 13:42, Jeremy Katz wrote:

> We're going to have to do something about this anyway.  NFS /home is not
> uncommon and there's no way to do full security contexts with NFS --
> it's just not in the protocol at all.  And that doesn't even start to
> get into more bizarre things like AFS ;)

ssh.te already has an ifdef for nfs_home_dirs, which allows it to read
nfs_t:{dir file}.  We could probably make that a bit more generic and
have a /etc/security/selinux/home_dir_context which if it exists, is
used by any program that would otherwise use a specialized type.

> And then I either have to type my password n times or use an ssh key or
> something else like that (or an expect script).  But what happens if baz
> is down when I push my update?  I then have to remember to go back and
> update it later when it comes back up.  And that's with four machines.
> As you get to more and more machines, it gets increasingly less
> manageable to do things like that.


> At which point we're basically creating a duplicate of nis/ldap but with
> other bits thrown on top :/

Maybe one solution would be to have a little SELinux daemon that the
kernel talks to over netlink to determine user identity.  This daemon
could then do things like talk to LDAP or whatever.

