changing of sulogin for SELinux roles?

Stephen Smalley sds at
Wed Sep 21 20:33:43 UTC 2005

On Wed, 2005-09-21 at 16:32 -0400, Bill Nottingham wrote:
> 135154/168982. Basically, it currently only authenticates
> as 'root', while the suggestion was to allow it to authenticate
> as any user who has uid 0, even if that's not 'root'.

Ok, so the get_ordered_context_list() call would then take the username
they chose instead of always being "root", I suppose.  They would then
need to define that user in policy and authorize them for sysadm_r (or
comparable role) to make it work cleanly.

> That's one option. What I initially thought was that, if you
> have multiple users who are sysadm_r (or whatever), that it would
> allow you to authenticate as any of them.

Ah, I see.  We don't have a good interface yet to allow sulogin to get
such a list of users with a particular role, although the ongoing
libsepol/libsemanage work by Ivan should help there.

Stephen Smalley
National Security Agency

More information about the fedora-selinux-list mailing list