Re: The possibility of SELinux targeted policy in the default install

To: debian-boot@lists.debian.org
Subject: Re: The possibility of SELinux targeted policy in the default install
From: Steve Langasek <vorlon@debian.org>
Date: Sat, 16 Sep 2006 18:47:47 -0700
Message-id: <[🔎] 20060917014746.GG5596@mauritius.dodds.net>
Mail-followup-to: debian-boot@lists.debian.org
In-reply-to: <[🔎] 87mz91osvu.fsf@glaurung.internal.golden-gryphon.com>
References: <[🔎] 87wt87qoj9.fsf@glaurung.internal.golden-gryphon.com> <[🔎] 1158270874.32661.46.camel@wintermute.xmldesign.de> <[🔎] 20060915061050.GA2905@mauritius.dodds.net> <[🔎] 1158310747.4990.3.camel@wintermute.xmldesign.de> <[🔎] 20060915092118.GF3871@mauritius.dodds.net> <[🔎] 87mz91osvu.fsf@glaurung.internal.golden-gryphon.com>

On Fri, Sep 15, 2006 at 02:02:29PM -0500, Manoj Srivastava wrote:

> On Fri, 15 Sep 2006 02:21:18 -0700, Steve Langasek <vorlon@debian.org> said: 

> > Ok.  What about cron, su, *dm, sudo, samba, ftp servers...?  All of
> > these processes change uids as well after authentication, do they
> > also need selinux support?

>         Cron runs properly in crond_t already, ther are domain
>  transition set up since the cron deamon file is labelled on the disk,
>  and the transition from contd_exec_t to crond_t etc is already
>  cone. Same goes for ftp servers and all.

Ok.

>         *.dm I am not sure about, but I think they called pam.d/login
>  to manage things (I'll need to look that up; been a while since I
>  submitted the xdm patch).

Each *dm has (and should have) its own PAM configuration.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
vorlon@debian.org                                   http://www.debian.org/

Reply to:

References:
- The possibility of SELinux targeted policy in the default install
  - From: Manoj Srivastava <srivasta@golden-gryphon.com>
- Re: The possibility of SELinux targeted policy in the default install
  - From: Erich Schubert <erich@debian.org>
- Re: The possibility of SELinux targeted policy in the default install
  - From: Steve Langasek <vorlon@debian.org>
- Re: The possibility of SELinux targeted policy in the default install
  - From: Erich Schubert <erich@debian.org>
- Re: The possibility of SELinux targeted policy in the default install
  - From: Steve Langasek <vorlon@debian.org>
- Re: The possibility of SELinux targeted policy in the default install
  - From: Manoj Srivastava <srivasta@ieee.org>

Prev by Date: Re: Bug#385150: Tests with PPPoE connection
Next by Date: Bug#387855: LVM partitioner problems, sudo and user passwords problem
Previous by thread: Re: The possibility of SELinux targeted policy in the default install
Next by thread: Re: Status of Marathi translations
Index(es):
- Date
- Thread