newrole using SELinux user identity for password lookups
Stephen Smalley
sds at epoch.ncsc.mil
Wed Apr 21 19:56:52 UTC 2004
On Wed, 2004-04-21 at 15:48, Colin Walters wrote:
> Ok. Well do you (or anyone else, Dan?) have any suggestions for the
> short term? For FC2 we could just tell users to always use 'su'. The
> unfortunate thing here is that Fedora users who are reading upstream
> docs will get exactly the opposite information :/
In the short term, if you want to have it fall back to the Linux uid for
authentication purposes if the SELinux user identity is
SELINUX_DEFAULTUSER (defined in include/selinux/get_context_list.h),
then that is fine. Just don't use the Linux uid as the user identity
for the new context.
--
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency
More information about the selinux
mailing list