selinux bug or my bug?

[Stephen Smalley]

On Fri, 2004-04-02 at 16:09, Anthony Joseph Seward wrote:
> When I slogin as root from another machine, why don't I get asked which
> role I want?

You can change the default for root by copying
/etc/security/default_contexts to /root/.default_contexts and editing it
appropriately.  Likely need to chcon -t default_context_t
/root/.default_contexts to ensure that it is accessible to sshd.

To make it ask for a context at login time, you'd have to modify the
pam_selinux logic (which presently will only prompt for a context if the
'multiple' option was specified for pam_selinux in /etc/pam.d/sshd and
if stdin is a tty), and I'm not sure whether that would work.

-- 
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency