[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: The possibility of SELinux targeted policy in the default install

On Fri, Sep 15, 2006 at 02:02:29PM -0500, Manoj Srivastava wrote:

> On Fri, 15 Sep 2006 02:21:18 -0700, Steve Langasek <vorlon@debian.org> said: 

> > Ok.  What about cron, su, *dm, sudo, samba, ftp servers...?  All of
> > these processes change uids as well after authentication, do they
> > also need selinux support?

>         Cron runs properly in crond_t already, ther are domain
>  transition set up since the cron deamon file is labelled on the disk,
>  and the transition from contd_exec_t to crond_t etc is already
>  cone. Same goes for ftp servers and all.


>         *.dm I am not sure about, but I think they called pam.d/login
>  to manage things (I'll need to look that up; been a while since I
>  submitted the xdm patch).

Each *dm has (and should have) its own PAM configuration.

Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
vorlon@debian.org                                   http://www.debian.org/

Reply to: