On 2014-01-09, 17:57 +0000, Schaufler, Casey wrote:
> > -----Original Message-----
> > From: [email protected] [mailto:[email protected]] On
> > Behalf Of José Bollo
> > Sent: Thursday, January 09, 2014 8:36 AM
> > To: [email protected]
> > Subject: [Dev] pam module for Smack
> >
> > Hi,
> >
> > We are facing problems with the commands 'su' and 'ssh' that don't set the
> > user Smack context. Such a service would naturally be accomplished by PAM
> > the pluggable authentication module that is integrated with well known
> > commands: 'login', 'su', 'ssh' and by other less known as Gnome session
> > manager or weston.
> >
> > Currently, the context is set by systemd. I would like to know if there is a
> > reason that explains that systemd doesn't use login+pam to achieve that
> > behaviour?
>
> The reason is that systemd (currently) creates the user session
> without a login process. Going forward that does have to change. The
> user session is started in the "User" domain. This results in all of
> the processes spawned in the user session to be in the "User"
> domain. That's very clean.

Yep, as long as the user session processes are spawned through
[email protected], they've been set "User" label already. The problem here is
that the shell su/ssh give to you does not come out through that path:

bash-4.2# systemd-cgls --no-pager
├─user.slice
│ ├─user-0.slice
│ │ ├─session-c2.scope
│ │ │ ├─716 su
│ │ │ ├─729 bash
│ │ │ └─914 systemd-cgls --no-pager
│ │ └─[email protected]
│ │   ├─726 /usr/lib/systemd/systemd --user
...
│ └─user-5000.slice
│   ├─session-c1.scope
│   │ └─296 /usr/bin/user-session-launch seat0 5000
│   └─[email protected]
│     ├─297 /usr/lib/systemd/systemd --user
...
└─system.slice
  ├─1 /sbin/init
...
  ├─system-server.service
  │ ├─240 /usr/bin/system_server
  │ ├─242 /usr/bin/usb-server
  │ ├─252 /usr/bin/data-router
  │ ├─255 /sbin/sdbd
  │ └─695 /bin/sh -

Hence it seems the shell inherits the "System" label.

/Kangkai

_______________________________________________
Dev mailing list
[email protected]
https://lists.tizen.org/listinfo/dev
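
One way to audit for the condition discussed in this thread, as an added example that is not code from the thread or from Tizen: it walks a proc tree and reports processes that sit under user.slice but whose Smack label (attr/current) is not the expected one. The function names, the sample tree and its PIDs and labels are constructed for illustration; the cgroup line formats handled are an assumption.

```shell
#!/bin/sh
# Added example: report processes in a user session cgroup whose Smack label
# differs from the expected one ("User" is the label named in the thread).

# find_mislabeled PROC_ROOT EXPECTED_LABEL
# Prints "pid label cgroup" for every offending process.
find_mislabeled() {
    proc_root=$1
    expected=$2
    for dir in "$proc_root"/[0-9]*; do
        [ -r "$dir/attr/current" ] && [ -r "$dir/cgroup" ] || continue
        # Assumed formats: "N:name=systemd:/path" (cgroup v1) or "0::/path" (v2).
        cg=$(sed -n 's/^[0-9]*:\(name=systemd\)\{0,1\}://p' "$dir/cgroup" | head -n 1)
        case $cg in
            /user.slice/*) ;;      # only user sessions are of interest
            *) continue ;;
        esac
        # The kernel may terminate the label with NUL or newline; strip both.
        label=$(tr -d '\000\n' < "$dir/attr/current")
        [ "$label" = "$expected" ] || printf '%s %s %s\n' "${dir##*/}" "$label" "$cg"
    done
}

# add_proc ROOT PID LABEL CGROUP: write one constructed /proc-like entry.
add_proc() {
    mkdir -p "$1/$2/attr"
    printf '%s\n' "$3" > "$1/$2/attr/current"
    printf '1:name=systemd:%s\n' "$4" > "$1/$2/cgroup"
}

# make_sample_proc: build a constructed tree shaped like the listing above.
make_sample_proc() {
    root=$(mktemp -d) || return 1
    add_proc "$root" 729  System /user.slice/user-0.slice/session-c2.scope
    add_proc "$root" 1001 User   /user.slice/user-5000.slice/session-c1.scope
    add_proc "$root" 240  System /system.slice/system-server.service
    printf '%s\n' "$root"
}

# Demo on the constructed tree; on a Smack system run: find_mislabeled /proc User
sample=$(make_sample_proc)
find_mislabeled "$sample" User
rm -rf "$sample"
```

Run before and after adding a PAM session step for 'su' and 'ssh'; a correctly labelled session produces no output.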
