changing of sulogin for SELinux roles?

Bill Nottingham notting at
Wed Sep 21 20:32:16 UTC 2005

Stephen Smalley (sds at said: 
> On Wed, 2005-09-21 at 16:13 -0400, Bill Nottingham wrote:
> > There's an open bug for changing sulogin to handle multiple
> > accounts with uid 0. Wouldn't it also be useful to change
> > it to check roles as well (for strict policy)?
> Can you elaborate a little, or point to the bugzilla entry?

135154/168982. Basically, it currently only authenticates
as 'root', while the suggestion was to allow it to authenticate
as any user who has uid 0, even if that's not 'root'.

> It presently just uses the default context for "root" from sulogin's
> domain, where the default can be altered via the default_contexts
> configuration.  Were you thinking of having it allow the user to select
> a context if multiple contexts are returned like pam_selinux does?

That's one option. What I initially thought was that, if you
have multiple users who are sysadm_r (or whatever), that it would
allow you to authenticate as any of them.


More information about the fedora-selinux-list mailing list