[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: The possibility of SELinux targeted policy in the default install

Hello Steve,
> Could you remind me why this module is specific to /etc/pam.d/ssh and
> /etc/pam.d/login, rather than something that should be enabled in the global
> config?

AFAIK it's because login and ssh are interactive sessions. These might
be using different contexts (e.g. sysadm_r, staff_r, user_r), whereas
when logging into the imap server this differentiation is not necessary.
(well, I could imagine we would need it in courier and dovecot when
storing the mail in the users home folder?)
We definitely need some selinux wizard for that.

best regards,
Erich Schubert
   erich@(vitavonni.de|debian.org)    --    GPG Key ID: 4B3A135C    (o_
     Which is worse: ignorance or apathy? Who knows? Who cares?     //\
              Denken ist oft schwerer, als man denkt.               V_/_

Reply to: