selinux diversion [was Re: Usermode request: add patch enabling group membership to control auth user]
Matthew Miller
mattdm at mattdm.org
Fri Apr 16 17:58:37 UTC 2004
On Fri, Apr 16, 2004 at 12:43:32PM -0400, Daniel J Walsh wrote:
> If a user is defined in the users database and is allowed to transition to
> sysadm_r he will be allowed to run usermode applications by providing his
> own password instead of the root password.
>
> Similarly to the way sudo is used today.
>
> This might be something we will need to turn off before we ship FC2.
Hmmm. This is basically exactly what my patch implements, except for
(optionally) using group membership instead of magically checking for the
role thing. I don't think it should invisibly behave differently with
SELinux enabled. Perhaps instead of making this automatic, a flag should be
added in the console.apps files? SELINUXROLES or something.
--
Matthew Miller mattdm at mattdm.org <http://www.mattdm.org/>
Boston University Linux ------> <http://linux.bu.edu/>
More information about the fedora-test-list
mailing list