On Mon, 2006-10-23 at 12:14 -0400, James Antill wrote:
> On Thu, 2006-10-19 at 09:30 -0400, Stephen Smalley wrote:
> > pam_selinux used to have support to let the user pick from the list of
> > reachable contexts for the user.  So you could just restore that
> > support.
>
>  So, in summary of the discussion, having pam_selinux let the user pick
> the TE and Sensitivity separately (much as it does now if
> get_ordered_context_list_with_level() fails) is the valid approach?

 Ok, I've done a patch to PAM which adds a config_role option to
the pam_selinux module ... which, if turned on, takes the user's default
context and allows them to change the role and/or level (if MLS is
enabled). Entering a blank line sticks with the default.

 It's available from:

http://people.redhat.com/jantill/pam-config_role/

...the rpms there have been built on FC5.

-- 
James Antill - <[EMAIL PROTECTED]>
setsockopt(fd, IPPROTO_TCP, TCP_CONGESTION, ...);
setsockopt(fd, IPPROTO_TCP, TCP_DEFER_ACCEPT, ...);
setsockopt(fd, SOL_SOCKET,  SO_ATTACH_FILTER, ...);


--
redhat-lspp mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/redhat-lspp
