On Thu, Jul 26, 2012 at 11:18:22AM +0200, Jan Zelený wrote: > Dne středa 25 července 2012 10:19:04, Simo Sorce napsal(a): > > On Wed, 2012-07-25 at 08:54 +0200, Jan Zelený wrote: > > > #161 - Rename session provider to selinux provider > > > #162 - Move SELinux provider processing right after PAM_ACCT_MGMT > > > > > > These patches are a proof of concept solving following ticket: > > > > > > https://fedorahosted.org/sssd/ticket/1439 > > > > > > I realize that there might be some rough edges to sand off but right now > > > the important thing for me is to know whether the approach implemented in > > > patch #162 and described in the comment #1 in the ticket is valid. > > > > NACK, we discussed a better approach on IRC. > > > > Simo. > > Here it is. I re-numbered the patch set because there is a new patch #163 > bringing a simple fix that should be applied before patch #165. > > I also extended the commit message. Now it explains the entire idea behind > the > patch. > > Thanks > Jan
I was able to successfuly test the basic SELinux features with this patch on a fresh ipa-client install with unmodified PAM stack -- great! Code-wise, I'm just not a big fan of "phase" in the generic be_req structure, but that could be fixed post-beta. Ack from me, I'd like to have Simo take a second look, because he has architected the approach. _______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/sssd-devel
