[redhat-lspp] Re: some additional pam_namespace issues ..
JANAK DESAI
janak at us.ibm.com
Thu Feb 16 18:40:15 UTC 2006
Stephen Smalley wrote:
>On Thu, 2006-02-16 at 13:24 -0500, Stephen Smalley wrote:
>
>
>>But a simple approach for you might just to be to automatically disable
>>context polyinstantiation if getexeccon is NULL, as that indicates that
>>no context change is going to occur.
>>
>>
>
>Or to be precise, that no context change has been explicitly requested
>by the application. An automatic domain transition may still occur, but
>we don't want polyinstantiation on those anyway.
>
>
>
Ah, good. Makes perfect sense. Will update accordingly.
-Janak
More information about the redhat-lspp
mailing list