On Wed, 2005-09-21 at 16:32 -0400, Bill Nottingham wrote:
> 135154/168982. Basically, it currently only authenticates
> as 'root', while the suggestion was to allow it to authenticate
> as any user who has uid 0, even if that's not 'root'.

Ok, so the get_ordered_context_list() call would then take the username
they chose instead of always being "root", I suppose. They would then
need to define that user in policy and authorize them for sysadm_r (or
comparable role) to make it work cleanly.

> That's one option. What I initially thought was that, if you
> have multiple users who are sysadm_r (or whatever), that it would
> allow you to authenticate as any of them.

Ah, I see. We don't have a good interface yet to allow sulogin to get
such a list of users with a particular role, although the ongoing
libsepol/libsemanage work by Ivan should help there.
--
Stephen Smalley
National Security Agency