changing of sulogin for SELinux roles?
Stephen Smalley
sds at tycho.nsa.gov
Wed Sep 21 20:33:43 UTC 2005
On Wed, 2005-09-21 at 16:32 -0400, Bill Nottingham wrote:
> 135154/168982. Basically, it currently only authenticates
> as 'root', while the suggestion was to allow it to authenticate
> as any user who has uid 0, even if that's not 'root'.

Ok, so the get_ordered_context_list() call would then take the username
they chose instead of always being "root", I suppose. They would then
need to define that user in policy and authorize them for sysadm_r (or
comparable role) to make it work cleanly.

> That's one option. What I initially thought was that, if you
> have multiple users who are sysadm_r (or whatever), that it would
> allow you to authenticate as any of them.

Ah, I see. We don't have a good interface yet to allow sulogin to get
such a list of users with a particular role, although the ongoing
libsepol/libsemanage work by Ivan should help there.

--
Stephen Smalley
National Security Agency
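
The check discussed in this message, as an added example (not sulogin's code and not part of the original post): accept a chosen login name only if its passwd entry has uid 0, then hand that name to get_ordered_context_list() in place of the fixed "root". The passwd sample is constructed, and the function names and the WITH_SELINUX build macro are assumptions made for the example; without that macro the libselinux call is compiled out.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#ifdef WITH_SELINUX                      /* hypothetical build macro for this example */
#include <selinux/get_context_list.h>    /* also pulls in selinux/selinux.h */
#endif

/* Constructed passwd(5) sample: two uid-0 accounts and one ordinary user. */
static const char SAMPLE_PASSWD[] =
    "root:x:0:0:root:/root:/bin/bash\n"
    "toor:x:0:0:second admin:/root:/bin/sh\n"
    "alice:x:1000:1000:Alice:/home/alice:/bin/bash\n";

/* Return 1 if `user` names an entry with uid 0 in passwd-format text, else 0. */
int is_uid0_account(const char *passwd_text, const char *user) {
    size_t ulen = strlen(user);
    char *end;
    if (ulen == 0 || strpbrk(user, ":\n"))   /* cannot be a valid name field */
        return 0;
    for (const char *line = passwd_text; line && *line; ) {
        const char *eol = strchr(line, '\n');
        if (strncmp(line, user, ulen) == 0 && line[ulen] == ':') {
            /* skip the password field; the uid field starts after its ':' */
            const char *uid = strchr(line + ulen + 1, ':');
            if (uid && (!eol || uid < eol) && uid[1] >= '0' && uid[1] <= '9' &&
                strtoul(uid + 1, &end, 10) == 0 && *end == ':')
                return 1;
        }
        line = eol ? eol + 1 : NULL;
    }
    return 0;
}

/* Count the contexts policy offers `user`; -1 on error or without libselinux. */
int count_login_contexts(const char *user) {
#ifdef WITH_SELINUX
    char **list = NULL;
    int n = get_ordered_context_list(user, NULL, &list); /* NULL: current context */
    if (n > 0) freeconary(list);
    return n;
#else
    (void)user; return -1;
#endif
}

int main(void) {
    const char *names[] = { "root", "toor", "alice" };
    for (int i = 0; i < 3; i++)
        printf("%s uid0=%d contexts=%d\n", names[i],
               is_uid0_account(SAMPLE_PASSWD, names[i]), count_login_contexts(names[i]));
    return 0;
}
```

A uid-0 name that policy does not define gets no usable context list, which is why the message says the user must also be defined in policy and authorized for sysadm_r.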