Re: The possibility of SELinux targeted policy in the default install
On Fri, Sep 15, 2006 at 02:02:29PM -0500, Manoj Srivastava wrote:
> On Fri, 15 Sep 2006 02:21:18 -0700, Steve Langasek <vorlon@debian.org> said:
> > Ok. What about cron, su, *dm, sudo, samba, ftp servers...? All of
> > these processes change uids as well after authentication, do they
> > also need selinux support?
> Cron runs properly in crond_t already, ther are domain
> transition set up since the cron deamon file is labelled on the disk,
> and the transition from contd_exec_t to crond_t etc is already
> cone. Same goes for ftp servers and all.
Ok.
> *.dm I am not sure about, but I think they called pam.d/login
> to manage things (I'll need to look that up; been a while since I
> submitted the xdm patch).
Each *dm has (and should have) its own PAM configuration.
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
vorlon@debian.org http://www.debian.org/
Reply to: