[redhat-lspp] Re: some additional pam_namespace issues ..
Stephen Smalley
sds at tycho.nsa.gov
Thu Feb 16 18:28:44 UTC 2006
On Thu, 2006-02-16 at 13:24 -0500, Stephen Smalley wrote:
> But a simple approach for you might just to be to automatically disable
> context polyinstantiation if getexeccon is NULL, as that indicates that
> no context change is going to occur.
Or to be precise, that no context change has been explicitly requested
by the application. An automatic domain transition may still occur, but
we don't want polyinstantiation on those anyway.
--
Stephen Smalley
National Security Agency
More information about the redhat-lspp
mailing list