Klaus Weidner wrote: > On Wed, Mar 21, 2007 at 06:28:18PM -0400, Linda Knippers wrote: > >>I'm doing some testing on a system installed in 'capp' mode and when >>I login I get a prompt to select a different context, which doesn't >>seem right. I think for a capp installation we don't want the >>"select_context" option on pam_selinux.so in /etc/pam.d/login. >> >>I'm still using 0.19 of the ks scripts and rpm but I just looked >>at the sources for .21 and they look the same in this area. > > > Sorry about the late reply, I had missed the message. > > The intent is that in CAPP mode, people can still use SELinux including > roles, there just are not any security claims about it.
I didn't think roles were really supported with the targeted policy though, meaning there's really just one role. I think someone would have to do alot of policy modification (ala strict) to have something useful. Or am I missing something? > The > select_context setting is optional in this case, it's in there by default > because the script currently doesn't support conditional pam config > files. I might look at fixing that then. I don't want to present users with a question that doesn't make sense for their configuration. -- ljk -- redhat-lspp mailing list [email protected] https://www.redhat.com/mailman/listinfo/redhat-lspp
