Heads up for login managers
David Zeuthen
davidz at redhat.com
Mon Feb 12 19:43:13 UTC 2007
On Mon, 2007-02-12 at 14:36 -0500, Alan Cox wrote:
> The point was that what you appear to be trying
> to do maps directly onto the existing uid/gid security.
Yea, that's correct. In other words I'm not suggest to modify any file
systems to record uid_t:gid_t:session_t instead of just uid_t:gid_t.
So f-u-s will come with the caveat that any login session (even remote)
can use any device / service available to any other login session of the
same user. And I think that's fine; we just have to release note it
somewhere.
(and the other things I'm saying are 1) we really want revoke() to
ensure privacy of sessions on the same seat; and 2) it would be nice to
use a kernel mechanism rather than the rather ugly XDG_SESSION_COOKIE
mechanism.)
David
More information about the Fedora-maintainers
mailing list