Security Enhanced Linux
What's New
Frequently Asked Questions
Background
Documents
License
Download
Participating
Mail List
Archives
Remaining Work
Contributors
Related Work
Press Releases
Information Assurance Research
NIARL In-house Research Areas
Mathematical Sciences Program
Sabbaticals
Computer & Information Sciences Research
Technology Transfer
Advanced Computing
Advanced Mathematics
Communications & Networking
Information Processing
Microelectronics
Other Technologies
Technology Fact Sheets
Publications
Related Links
|
SELinux Mailing ListRe: Cleanup of chkpwd and su macros
From: James Carter <jwcart2_at_epoch.ncsc.mil>
Date: Thu, 21 Apr 2005 09:29:35 -0400
They were removed because the system_chkpwd_t domain (the auth_chkpwd attribute is only for system domains) already has the permissions. The can_getcon, can_ypbind, can_kerberos, can_ldap, and can_resolve macros are already used for $1_chkpwd_t earlier in the chkpwd_domain macro. Now it may be true that the caller needs these permissions, but if they do, I don't think that the permissions should be buried in the auth_chkpwd attribute. -- James Carter <jwcart2@epoch.ncsc.mil> National Security Agency -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.Received on Thu 21 Apr 2005 - 09:33:39 EDT |
|
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009 |