[redhat-lspp] Re: [PATCH 2/3] Re: MLS enforcing PTYs, sshd, and newrole

Stephen Smalley sds at tycho.nsa.gov
Wed Nov 1 12:36:43 UTC 2006


On Tue, 2006-10-31 at 13:33 -0500, James Antill wrote:
> On Tue, 2006-10-31 at 11:21 -0500, Stephen Smalley wrote:
> 
> > No.  The ability to make the security call is controlled by the
> > compute_av permission on the security class, and isn't based on the
> > individual contexts passed as arguments.  That would be:
> > 	allow $1 security_t:security compute_av;
> > which has an interface:
> > 	selinux_compute_access_vector($1)
> > which is already in authlogin.if.  No change required for allowing the
> > call to happen.
> > 
> > What you are instead trying to do is to define the _result_ of that
> > compute_av call based on its arguments, not whether it can be made by
> > login.  So the TE rule would go into userdomain.if and be of the form:
> > 	allow $1 self:context <permissionname>;
> 
>  Ok, I think I have it now. Both patches are at (with the renamed
> permission):
> 
>  http://people.redhat.com/jantill/pam-config_role/upstream/

They look sane to me.  Please post them in separate messages, preferably
inline, and cc Chris PeBenito on the policy patch.

-- 
Stephen Smalley
National Security Agency
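
The distinction drawn in the quoted reply above, as a toy model added here (not code from the thread, libselinux or the kernel): permission to make the compute_av call is checked against the caller's domain, while the answer it returns comes from the TE rules for the contexts passed as arguments. The type names `login_t`, `user_t`, `staff_t` and the permission `example_perm` (standing in for the unspecified `<permissionname>`) are assumptions made for illustration.

```python
# Toy model, constructed for illustration; not libselinux or kernel code.
from typing import NamedTuple


class Allow(NamedTuple):
    source: str        # source type
    target: str        # target type, or the keyword "self"
    tclass: str        # object class
    perms: frozenset   # permissions granted


# Constructed policy. "example_perm" is a placeholder for the permission
# name left unspecified in the thread; the type names are illustrative.
POLICY = [
    # Gate: lets login_t make the compute_av call at all.
    Allow("login_t", "security_t", "security", frozenset({"compute_av"})),
    # Result: what compute_av answers when user_t is asked about itself.
    Allow("user_t", "self", "context", frozenset({"example_perm"})),
]


def allowed(policy, source, target, tclass):
    """Union of permissions the policy grants source on target for tclass."""
    perms = set()
    for rule in policy:
        # "self" means the target is the same type as the rule's source.
        rule_target = rule.source if rule.target == "self" else rule.target
        if (rule.source, rule_target, rule.tclass) == (source, target, tclass):
            perms |= rule.perms
    return perms


def compute_av(policy, caller, scon, tcon, tclass):
    """Model of the security call: gate on the caller, answer from the arguments."""
    # Step 1: the gate looks only at the caller's domain, never at scon/tcon.
    if "compute_av" not in allowed(policy, caller, "security_t", "security"):
        raise PermissionError(f"{caller} lacks security_t:security compute_av")
    # Step 2: the returned access vector depends only on the arguments.
    return allowed(policy, scon, tcon, tclass)
```
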



