[redhat-lspp] Re: MLS enforcing PTYs, sshd, and newrole
Stephen Smalley
sds at tycho.nsa.gov
Thu Oct 19 13:30:13 UTC 2006
On Thu, 2006-10-19 at 09:21 -0400, Daniel J Walsh wrote:
> So one proposed solution to this is to take away the newrole -l
> functionality altogether and to add Sensitivity selection to the local
> login.
>
> We can implement pam_selinux to ask for the sensitivity level
>
> username: dwalsh
> passwd: ********
> Sensitivity: SystemLow
>
> If we then remove -l from newrole we are done?
pam_selinux used to have support to let the user pick from the list of
reachable contexts for the user. So you could just restore that
support.
That doesn't address sshd though. Or gdm. sshd shouldn't be too
difficult. There were some externally developed gdm patches for selinux
that enabled context selection long ago, but nothing recent
(pre-Fedora).
You don't need to remove -l from newrole; you can just constrain its use
via DAC and via SELinux policy, as Klaus has previously suggested.
--
Stephen Smalley
National Security Agency