[redhat-lspp] Re: MLS enforcing PTYs, sshd, and newrole
James Antill
jantill at redhat.com
Mon Oct 23 16:14:57 UTC 2006
On Thu, 2006-10-19 at 09:30 -0400, Stephen Smalley wrote:
> pam_selinux used to have support to let the user pick from the list of
> reachable contexts for the user. So you could just restore that
> support.
So, in summary of the discussion, having pam_selinux let the user pick
the TE and Sensitivity separately (much as it does now if
get_ordered_context_list_with_level() fails) is the valid approach?
> That doesn't address sshd though. Or gdm. sshd shouldn't be too
> difficult.
Combined with adding similar code to sshd.
> There were some externally developed gdm patches for selinux
> that enabled context selection long ago, but nothing recent
> (pre-Fedora).
But, from the "gdm/trsuted-X needs lots more work" discussion, gdm
should just stay with the default Sensitivity and people can use a
terminal+ssh to change levels?
--
James Antill <jantill at redhat.com>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/redhat-lspp/attachments/20061023/335f4cc6/attachment.sig>
More information about the redhat-lspp
mailing list