On Wed, 2006-05-31 at 15:06 -0300, Glauber de Oliveira Costa wrote: > Hi folks, > > In terms type/level , who should be able to successfully run the > open_init_pty > command ? From system usage, it seems that secadm_r e sysadm_r are forbidden > open_init_pty execution, but I need something stronger than a guess. > > It would be nice if someone can give me some guidance on this.
I think run_init / open_init_pty serve no purpose in Fedora or RHEL, as the Red Hat policies permit direct transitions to initrc_t without using run_init. In some other distributions that integrate SELinux, use of run_init is necessary. I would expect sysadm to be able to use run_init (and thus open_init_pty). -- Stephen Smalley National Security Agency -- redhat-lspp mailing list [email protected] https://www.redhat.com/mailman/listinfo/redhat-lspp
