Security Enhanced Linux
What's New
Frequently Asked Questions
Background
Documents
License
Download
Participating
Mail List
Archives
Remaining Work
Contributors
Related Work
Press Releases
Information Assurance Research
NIARL In-house Research Areas
Mathematical Sciences Program
Sabbaticals
Computer & Information Sciences Research
Technology Transfer
Advanced Computing
Advanced Mathematics
Communications & Networking
Information Processing
Microelectronics
Other Technologies
Technology Fact Sheets
Publications
Related Links
|
SELinux Mailing ListRe: /dev/pts/x use denials
From: Stephen Smalley <sds_at_tycho.nsa.gov>
Date: Mon, 04 Apr 2005 11:13:13 -0400
I don't see sysadm_tmp_t anywhere above. I do see staff_t fd's, but that just shows that the descriptor was opened by a staff_t process and then inherited across the su, nothing surprising there. Earlier versions of pam_selinux did try closing and re-opening descriptors 0-2 as newrole does, but that proved problematic. su likely just needs to be directly patched rather than using pam_selinux. -- Stephen Smalley <sds@tycho.nsa.gov> National Security Agency -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.Received on Mon 4 Apr 2005 - 11:23:28 EDT |
|
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009 |