--- LC Bruzenak <[EMAIL PROTECTED]> wrote:
> Would that hinder a remote administration scenario > where the ssh login > occurs on a network with a default level which is > below the high-water > mark of the system labels but greater that the low > level? > > We'd like the incoming ssh account to be a > non-administrative role, then > have them su/newrole to an administrative role. > > Do you see any issues with this? If there's an MLS label change you're in trouble. You could argue that the administrative facilities are composed of programs that can be held responsible for policy enforcement and that they can't do anything wrong. This would be really pushing the credibility envelope however, and is an argument with a history of failure. You might get away with it if the new role's shell is restricted, in fact, this is a situation where SELinux could provide significant leverage should you be able to describe the environment provided in terms of enforcement domains. Casey Schaufler [EMAIL PROTECTED] -- redhat-lspp mailing list [email protected] https://www.redhat.com/mailman/listinfo/redhat-lspp
