sshd_t & guest_t - Boolean suggestion
Jorge Fábregas
jorge.fabregas at gmail.com
Thu Dec 23 19:18:18 UTC 2010
On Thursday, December 23, 2010 03:09:11 pm Daniel J Walsh wrote:
> Theoretically we have this.
>
> unconfined_login -> on Allow a user to login as an
> unconfined domain
>
> (Not sure it works.

I didn't know that one, but it seems it's not working on Fedora 12 (I'll switch
to Fedora 14 soon, I know :)

After doing: setsebool unconfined_login off

...and then trying to connect (as a regular unconfined user), pstree shows:

  |-sshd(`unconfined_u:system_r:sshd_t:s0-s0:c0.c1023')
  |   `-sshd(`unconfined_u:system_r:sshd_t:s0-s0:c0.c1023')
  |       `-sshd(`unconfined_u:system_r:sshd_t:s0-s0:c0.c1023')
  |           `-bash(`unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023')

... it transitioned into unconfined_t, so the boolean is not working here.

> Well, one thing you could try is to disable the unconfineduser policy
> package. This would eliminate the unconfined_t from your system
> altogether.
>
> Then you would have to set up the admin (root) to log in as sysadm_t.
I'll check into this. Never used sysadm_t before.
Thanks,
Jorge