[redhat-lspp] Re: MLS enforcing PTYs, sshd, and newrole

George C. Wilson ltcgcw at us.ibm.com
Wed Oct 25 00:19:38 UTC 2006


On Tue, Oct 24, 2006 at 04:37:16PM -0400, James Antill wrote:
> On Mon, 2006-10-23 at 12:14 -0400, James Antill wrote:
> > On Thu, 2006-10-19 at 09:30 -0400, Stephen Smalley wrote:
> > > pam_selinux used to have support to let the user pick from the list of
> > > reachable contexts for the user.  So you could just restore that
> > > support.
> >
> >  So, in summary of the discussion, having pam_selinux let the user pick
> > the TE and Sensitivity separately (much as it does now if
> > get_ordered_context_list_with_level() fails) is the valid approach?
> 
>  Ok, I've done a patch to PAM which adds a config_role option to
> the pam_selinux module ... which if turned on takes the user's default
> context and allows them to change the role and/or level (if mls is
> enabled). Entering a blank line sticks with the default.
> 
>  It's available from:
> 
> http://people.redhat.com/jantill/pam-config_role/
> 
> ...the rpms there have been built on FC5.
> 

Thanks, James.  I got it built on a ppc64 victim.  Hopefully Klaus can take a
quick look to see if it will work for the cert.

-- 
George Wilson <ltcgcw at us.ibm.com>
IBM Linux Technology Center



