[redhat-lspp] Reviewing the sudo patch.
Chad Hanson
chanson at TrustedCS.com
Wed Dec 14 21:32:39 UTC 2005
Hi Dan,
We believe the security range should stay the same as calling process. This
is something we would like for su as well. If we could remove the
pam_selinux from su so that the selinux identity, role, type stay the same
across su. I think we discussed with Stephen awhile back in a meeting and
this change would go back to original selinux implementation of su/pam.
-Chad
> -----Original Message-----
> From: Daniel J Walsh [mailto:dwalsh at redhat.com]
> Sent: Friday, December 09, 2005 11:09 AM
> To: redhat-lspp
> Subject: [redhat-lspp] Reviewing the sudo patch.
>
>
> How should sudo work with MLS? Should it?
>
> Basically I am trying to figure out how sudo should work in the with
> sensitivity levels.
>
> Should it maintain the sencurity range of the user running sudo? Or
> should it get the range of the user being sudo to? (Usually root.)
>
More information about the redhat-lspp
mailing list